A new type of malware has been discovered by Palo Alto Networks which can infect Apple desktop and mobile operating systems, highlighting the increasing attacks on iPhones as well as Mac computers.
The malware tends to target Mac computers through a third-party store before it copies itself to iOS devices, and researchers warn that the malware steals information and is capable of installing other damaging apps.
"WireLurker", as it is called, is unlike anything seen before with regard to Apple iOS and OS X malware, according to Ryan Olson, intelligence director of Palo Alto Networks, and "the technique in use suggests that bad actors are getting more sophisticated when it comes to exploiting some of the world's best known desktop and mobile platforms".
It can also transfer from an infected Apple Mac computer to mobile devices over a USB cord, including regular, non-jailbroken iOS devices such as iPhones.
Attackers – Chinese
A recent statement from Palo Alto Networks reports that it has seen indications that the attackers were Chinese; the malware originated from a Chinese third-party app store and seemed to affect users in the country.
According to the security firm, the malware can steal a variety of information from the mobile devices it infects and regularly requests updates from the attacker's control server. The company states that it is under active development and that its creator's final goal is not known.
It was first noticed by Palo Alto Networks in June when a developer at Tencent, a Chinese firm, realised that there were suspicious files and processes on his Mac and iPhone. Further inquiries revealed that a total of 467 Mac programs listed on the Maiyadi App Store had been compromised to include the malware, and that they had been downloaded 356,104 times up to 16th October.
The infected software included popular games such as Angry Birds, Pro Evolution Soccer 2014, The Sims 3 and Battlefield: Bad Company 2.
Communicates with Command & Control Server
The malware spreads via infected apps that are uploaded to the app store and then downloaded onto Mac computers. Once the malware is on the Mac, it communicates with a command and control server to check whether it needs to update its code, and waits until an iPhone, iPad or iPod is connected.
When an iOS device is connected, the malware checks whether it has been jailbroken, a process some users carry out to remove some of Apple's restrictions. If the device is jailbroken, WireLurker backs up the device's apps to the Mac, repackages them with malware, and installs the infected versions back on the iOS device.
If it is not jailbroken, as is the case with most iOS devices, WireLurker takes advantage of a technique created by Apple to enable businesses to install special software on their employees' tablets and handsets.
To reduce the risk of attack, Palo Alto Networks has suggested the following: do not download Mac apps from third-party stores; do not jailbreak iOS devices; do not accept a request for a new "enterprise provisioning profile" unless it comes from an authorised party, for instance the employer's IT department; and do not connect the iOS device to unreliable computers and accessories, either to copy information or to charge the device.