Palo Alto Networks Uncovers 'WireLurker' iOS Malware, Infects iPhones Via Infected Macs
WireLurker contains a bevy of firsts and achievements. It's the largest malware to rely on repackaged OS X applications, the first to automate the generation of malicious iOS applications, the first that can infect iOS applications in a manner similar to a virus, and the first that can install third-party applications on non-jailbroken devices. Once it manages to infect an OS X system, WireLurker hides in the background, waiting for an iOS device to be connected to the computer. When it detects one, it installs third-party software on the phone or tablet, whether or not the device is jailbroken.
Right now, WireLurker is capable of exporting your serial number, phone number, model number, device type, your Apple ID, UDID, WiFi address, and disk usage information. According to the research team, WireLurker doesn't necessarily break new ground as far as its methods go, but it's rare to see malware that targets non-jailbroken devices. Currently, no major virus scanners or websites properly identify a WireLurker infection, though the Palo Alto team has written a script that can do so.
Attacks like this are only going to become more common. Smartphones are the wave of the future and the expected method by which billions of people will get online over the next few decades. Malware and digital theft were never going to be far behind.
All images credit: Palo Alto Networks
Palo Alto's recommended security measures are fairly practical. Users should not allow third-party devices to create enterprise profiles, enterprises themselves should route their mobile traffic through threat prevention systems, everyone should keep their antivirus software updated, and people should stop thinking of device security as something only Windows users have to worry about. That last bit is us, not them, but take the point to heart. Nobody on any operating system is going to be able to rely on security through obscurity going forward. Except maybe BlackBerry.