iPhones, iPads Vulnerable to New OS X Malware via USB Connection

Provisioning of an infected application. (Image via Palo Alto Networks.)

Researchers at network security company Palo Alto Networks have uncovered a new and sophisticated form of malware which attacks iOS devices through USB connections from OS X systems. They have called it WireLurker.

Palo Alto Networks says that “…this malware family heralds a new era in malware” and if the claims are true, the find is indeed significant. It is the first malware to generate malicious iOS applications automatically through binary file replacement and can infect installed iOS applications.

The company provides more detail in a report entitled “WireLurker: A New Era in OS X and iOS Malware.”

The malware was observed in the Maiyadi App Store, a third-party Mac application store in China. According to the report: “In the past six months, these 467 infected applications were downloaded over 356,104 times and may have impacted hundreds of thousands of users.”

According to Palo Alto Networks, WireLurker, running on an OS X system, can install either downloaded third-party applications or automatically generated malicious applications onto a USB-connected iOS device, regardless of whether it is jailbroken.

The malware is able to install malicious and infected programs on non-jailbroken iOS devices, according to the report, by using enterprise provisioning techniques, thus appearing to be an in-house application. The user is presented with a confirmation dialog box such as the one shown below, but otherwise the application will behave the same as an uninfected one.

The goal of the malware is not yet clear. It is capable of much and checks back frequently for updates from a command and control server.


ZD Net
