A new malware has been discovered that targets both Apple Mac computers and iPhones. Dubbed WireLurker, it is the first known malware that can infect iPhones that have not been jailbroken.
ESET detects the malware as OSX/WireLurker.A. It infects users through a third party Mac application store in China called Maiyadi. Once on the iMac or Macbook, the malware would wait for an iPhone or iPad connection via USB. As soon as the phone or tablet is connected WireLurker would spread to the handset, hence its name.
Once on the handset, WireLurker’s next steps depend on whether or not the iPhone is jailbroken or not, with Neowin reporting it will either inject a test app (The Independent says the malware was “observed downloading a harmless looking comic book app”), or replace ‘certain money transfer apps’. It does this by taking advantage of Apple’s enterprise app deployment system, which allows mass deployment of software, with no need for the App Store.
The BBC states that over 400 apps were infected with WireLurker, and that these have been downloaded over 350,000 times. Due to the malware originating on the unofficial Maiyadi app store, it is mostly infecting devices in China.
PC World reports that WireLurker currently “collects call logs, phone book contacts and other sensitive information,” but researchers stated that the malware’s “ultimate goal is not yet clear,” noting that it is under “active development.”
Apple has issued a statement saying, “We are aware of malicious software available from a download site aimed at users in China, and we’ve blocked the identified apps to prevent them from launching. As always, we recommend that users download and install software from trusted sources.”