Palo Alto Networks Uncovers 'WireLurker' iOS Malware, Infects iPhones Via Infected Macs

When people think about Internet security, they still think of the various bugs, flaws, and malware that pervade the online world as a Windows problem. Macs have long enjoyed special status thanks to limited market share, while smartphones aren't generally considered to be an attack vector, no matter which OS you prefer. That's clearly changing -- a new report from Palo Alto Networks illustrates how a new Trojan they call WireLurker doesn't just infect iOS devices -- it relies on Mac OS X vulnerabilities to do so.

WireLurker contains a bevy of firsts and achievements. It's the largest malware to rely on repackaged OS X applications, the first to automate the generation of malicious iOS applications, the first that can infect iOS applications in a manner similar to a virus, and the first that can install third-party applications on non-jailbroken devices. Once it manages to infect an OS X system, WireLurker hides in the background, waiting for an iOS device to be attached to the computer over USB. Upon detection, it installs third-party software on the phone or tablet whether or not the device is jailbroken.

The infection appears to have begun in the Maiyadi App Store, where the trojanized applications it rides on have been downloaded thousands of times. The malware has been updated multiple times since it first appeared and it's devilishly sneaky, with multiple methods of monitoring USB connections to sneak its payload aboard devices. Users are notified that a new application has requested install permissions, but the repackaged application itself runs and acts normally. Install an infected game, in other words, and your game still works.

Right now, WireLurker is capable of exporting your serial number, phone number, model number, device type, your Apple ID, UDID, WiFi address, and disk usage information. According to the research team, WireLurker doesn't necessarily break new ground as far as its methods, but it's rare to see a product that targets non-jailbroken devices. Currently, no major virus scanners or websites properly identify a WireLurker infection, though the Palo Alto team has written a script that can do so, located here.

Attacks like this are only going to become more common. Smartphones are the wave of the future and the expected method by which billions of people will get online over the next few decades. Malware and digital theft were never going to be far behind.

All images credit: Palo Alto Networks

Palo Alto's recommended security measures are fairly practical. Users should not allow third-party devices to create enterprise profiles, enterprises themselves should route their mobile traffic through threat prevention systems, everyone should keep their antivirus software updated, and people should stop thinking of device security as something only Windows users have to worry about. That last bit is us, not them, but take the point to heart. Nobody on any operating system is going to be able to rely on security through obscurity going forward. Except maybe Blackberry.
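Because WireLurker travels inside repackaged OS X applications from a third-party store, one practical check a Mac user or admin can add to the list above is to ask Gatekeeper whether each installed app still carries a signature from a source you trust. The script below is an added example written for this article, not Palo Alto's detection script and not anything from the report: it runs the real macOS `spctl --assess --verbose` tool over every bundle in `/Applications`, parses its two-line verdict, and flags anything rejected or not attributed to Apple, the Mac App Store, or a Developer ID. The list of trusted source labels and the sample output embedded in the docstring are assumptions based on the tool's usual output, so tune them for your environment.

```python
"""Gatekeeper signature triage for apps in /Applications (added example, not the
article's or Palo Alto's code). Runs the real `spctl` tool on macOS; the parser
and the suspicious-app rule can be exercised on any platform."""
from __future__ import annotations

import subprocess
from pathlib import Path

# Source labels spctl prints for signatures we treat as trustworthy (assumption).
TRUSTED_SOURCES = ("Apple System", "Mac App Store", "Developer ID", "Notarized Developer ID")


def parse_spctl_output(text: str) -> tuple[str, str]:
    """Parse the report `spctl --assess --verbose <app>` writes for one bundle.

    Constructed sample of the format this parser expects:
        /Applications/Foo.app: accepted
        source=Apple System
    Returns (verdict, source); missing fields come back as 'unknown'.
    """
    verdict, source = "unknown", "unknown"
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("source="):
            source = line[len("source="):]
        elif ": " in line:
            # rsplit so a path containing ': ' does not confuse the verdict.
            candidate = line.rsplit(": ", 1)[1]
            if candidate in ("accepted", "rejected"):
                verdict = candidate
    return verdict, source


def is_suspicious(result: dict) -> bool:
    """Flag a rejected assessment, an unparsable one, or an untrusted source."""
    if result["verdict"] != "accepted":
        return True
    return not any(result["source"].startswith(s) for s in TRUSTED_SOURCES)


def assess_app(app_path: str) -> dict:
    """Run Gatekeeper's assessment on one bundle and normalise the result."""
    try:
        proc = subprocess.run(
            ["spctl", "--assess", "--verbose", app_path],
            capture_output=True, text=True, check=False,
        )
    except FileNotFoundError:
        # spctl only exists on macOS; report that instead of crashing.
        return {"path": app_path, "verdict": "unknown", "source": "spctl not available"}
    # spctl writes its verdict to stderr; merge both streams to be safe.
    verdict, source = parse_spctl_output(proc.stderr + proc.stdout)
    return {"path": app_path, "verdict": verdict, "source": source}


def triage(apps_dir: str = "/Applications") -> list[dict]:
    """Assess every .app bundle directly under apps_dir."""
    return [assess_app(str(p)) for p in sorted(Path(apps_dir).glob("*.app"))]


if __name__ == "__main__":
    for r in triage():
        flag = "SUSPICIOUS" if is_suspicious(r) else "ok"
        print(f"{flag:10} {r['verdict']:8} {r['source']:28} {r['path']}")
```

An app that was legitimately bought from the App Store or downloaded from a Developer ID publisher will show as accepted; a repackaged copy from an unofficial store will typically show as rejected with a source such as "no usable signature", which is exactly the kind of bundle worth removing and investigating.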