WireLurker breaks new ground for iOS users
On Friday, Palo Alto Networks released a study about a new form of malware called WireLurker. WireLurker is capable of infecting Mac OS X and jailbroken iOS devices (such as iPads and iPhones). Where WireLurker breaks new ground is its ability to infect non-jailbroken devices as well.
WireLurker has been spread by means of infected applications hosted on a third-party app store in China called Maiyadi. Maiyadi is known for hosting pirated versions of popular software; in this case, the attackers uploaded infected applications. The report states that 467 applications were uploaded between 20 April 2014 and 11 June 2014. These infected applications were then downloaded by users of the app store. Some of the infected apps included Angry Birds, GRID and Bejeweled.
When an infected application is downloaded, WireLurker installs several components on the victim's Mac; some of these are installed as daemons and run at start-up. This gives WireLurker persistence and allows it to communicate with a command and control server. It also means that WireLurker can monitor for the connection of iOS devices. Infection of an iOS device occurs when the device is plugged into the infected Mac via a USB cable. WireLurker can install malware onto an iOS device even if the device is not jailbroken.
WireLurker regularly checks the command and control server for updates to its malware. To date, three versions of WireLurker have been observed. Palo Alto Networks has published a tool that searches for WireLurker installs on OS X systems. It is available for download at https://github.com/PaloAltoNetworks-BD/WireLurkerDetector.
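The persistence described above (components installed as launchd daemons that run at start-up) is something a defender can inventory on any Mac. The script below is an added example written for this article; it is not the Palo Alto Networks WireLurkerDetector and uses no indicators from the report. It parses launchd job plists, records which jobs run at load, and flags those whose executable lives outside a set of assumed system prefixes (the `TRUSTED_PREFIXES` heuristic, the `com.example.*` labels and the two sample plists are all constructed for the example).

```python
"""Inventory macOS launchd persistence entries and flag RunAtLoad jobs
whose executable is outside assumed system locations.

Added example for this article; not the Palo Alto Networks
WireLurkerDetector, and it carries no indicators from the report.
"""
import plistlib
from pathlib import Path
from typing import Optional

# Directories launchd reads at boot/login (standard macOS locations).
LAUNCH_DIRS = [
    "/Library/LaunchDaemons",
    "/Library/LaunchAgents",
    "/System/Library/LaunchDaemons",
    "/System/Library/LaunchAgents",
]

# Assumed heuristic for this example: executables under these prefixes are
# treated as system-provided; any other RunAtLoad/KeepAlive job is reviewed.
TRUSTED_PREFIXES = ("/System/", "/usr/bin/", "/usr/sbin/",
                    "/usr/libexec/", "/bin/", "/sbin/")


def program_path(plist: dict) -> Optional[str]:
    """Executable a launchd job starts: Program, else ProgramArguments[0]."""
    if "Program" in plist:
        return plist["Program"]
    args = plist.get("ProgramArguments") or []
    return args[0] if args else None


def classify(label: str, plist: dict) -> dict:
    """Describe one launchd job and decide whether it deserves a closer look."""
    path = program_path(plist)
    runs_at_load = bool(plist.get("RunAtLoad") or plist.get("KeepAlive"))
    outside_system = path is not None and not path.startswith(TRUSTED_PREFIXES)
    return {
        "label": label,
        "program": path,
        "runs_at_load": runs_at_load,
        "suspicious": runs_at_load and outside_system,
    }


def audit_plists(items) -> list:
    """items: iterable of (label, plist_bytes). One record per job,
    suspicious ones first; unparseable plists are flagged for review too."""
    records = []
    for label, raw in items:
        try:
            plist = plistlib.loads(raw)
        except Exception:  # malformed plist in a launchd dir: still review it
            records.append({"label": label, "program": None,
                            "runs_at_load": False, "suspicious": True})
            continue
        records.append(classify(label, plist))
    return sorted(records, key=lambda r: not r["suspicious"])


def audit_directories(dirs=LAUNCH_DIRS) -> list:
    """Walk the real launchd directories on the host (run this on a Mac)."""
    items = []
    for d in dirs:
        for p in Path(d).glob("*.plist"):
            items.append((p.stem, p.read_bytes()))
    return audit_plists(items)


# Constructed sample input so the example runs anywhere, no Mac needed.
SAMPLE_PLISTS = [
    ("com.example.system-helper", b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.system-helper</string>
  <key>ProgramArguments</key><array><string>/usr/libexec/example-helper</string></array>
  <key>RunAtLoad</key><true/>
</dict></plist>"""),
    ("com.example.updater", b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Label</key><string>com.example.updater</string>
  <key>ProgramArguments</key><array><string>/Users/Shared/.hidden/updater</string><string>--daemon</string></array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict></plist>"""),
]

if __name__ == "__main__":
    for rec in audit_plists(SAMPLE_PLISTS):
        flag = "REVIEW" if rec["suspicious"] else "ok    "
        print(f"{flag} {rec['label']}: {rec['program']}")
```

On a real host, `audit_directories()` feeds the same logic with the plists launchd actually loads; a flagged entry is a starting point for review (check the binary's code signature and origin), not a verdict.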
Attacks have so far been centred on China. The new capabilities of the malware, however, mean that it is likely to be adopted more widely by attackers. Further attacks are likely, and will not necessarily be centred on Chinese application stores.
Several recommendations are made in the report. A key one is to keep iOS up to date. Another is not to pair an iOS device with an unfamiliar computer, and not to connect it by cable to an untrusted laptop or PC. Probably most important is not to jailbreak an iOS device, and to install applications only from trusted sources; in other words, don't use third-party app stores.