Science

Apple devices hit by 'WireLurker' malware in China

Palo Alto Networks Inc has discovered a new family of malware that can infect Apple Inc's desktop and mobile operating systems, underscoring the increasing sophistication of attacks on iPhones and Mac computers.

So far, incidence seems limited to China

Apple's iPhone 6 are displayed during a news conference by Customs and Excise Department and the police in Hong Kong on Sept. 21. (Bobby Yip/Reuters)

Palo Alto Networks Inc has discovered a new family of malware that can infect Apple Inc's desktop and mobile operating systems, underscoring the increasing sophistication of attacks on iPhones and Mac computers.

The "WireLurker" malware can install third-party applications on regular, non-jailbroken iOS devices and hop from infected Macs onto iPhones through USB connector-cables, said Ryan Olson, intelligence director for the company's Unit 42 division.

Palo Alto Networks said on Wednesday it had seen indications that the attackers were Chinese. The malware originated from a Chinese third-party apps store and appeared to have mostly affected users within the country.

The malware spread through infected apps uploaded to the apps store, that were in turn downloaded onto Mac computers. According to the company, more than 400 such infected apps had been downloaded over 350,000 times so far.

Apple blocks apps

An Apple spokesman said the company is aware of the malicious software, and it has blocked the apps to prevent them from launching. "As always, we recommend that users download and install software from trusted sources," the spokesman told the Associated Press in an email.

It's unclear what the objective of the attacks was. There is no evidence that the attackers had made off with anything more sensitive than messaging IDs and contacts from users' address books, Olson added.

But "they could just as easily take your Apple ID or do something else that's bad news," he said in an interview.

Once WireLurker gets on an iPhone, it can go on to infect existing apps on the device, somewhat akin to how a traditional virus infects computer software programs.

Olson said it was the first time he had seen it in action.

"It's the first time we've seen anyone doing it in the wild," he added.

Shares of Apple Inc. fell 45 cents to $108.41 in morning trading Thursday, while Palo Alto Networks Inc. jumped 2 percent, or $2.06, to $104.58.


How to protect yourself from WireLurker

​Palo Alto Networks offers tips to protect yourself and your Apple devices from WireLurker:

  • Use an antivirus or security protection product for your Mac OS X system and keep its signatures up to date.
  • In the OS X System Preferences panel under “Security & Privacy,” ensure “Allow apps downloaded from Mac App Store (or Mac App Store and identified developers)” is set.
  • Don't download and run Mac applications or games from any third-party app store, download site or other untrusted source.
  • Keep the iOS version on your mobile device up to date.
  • Don't connect your iOS device to untrusted or unknown computers, accessories or devices, including chargers.
  • Don't jailbreak your iOS device; If you do jailbreak it, only use credible Cydia community sources and avoid the use or storage of sensitive personal information on that device.
  • Don't accept software distributed via an "enterprise provisioning profile" unless your IT corporate help desk or other trusted party explicitly instructs you to do so.
  • Businesses should route mobile device traffic through a threat prevention system using a mobile security application.

With files from CBC News