IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

iPhone & iPad users under attack from malware

Malware affecting the Mac, iPhone and iPad in China

A new variety of malware is targeting users with Macs, iPhones and iPads, according to new research.

Dubbed WireLurker, the malware was discovered by researchers working for Palo Alto Networks, who discovered it targets both OS X and iOS devices. 

The malware has been found in 467 OS X applications on the Maiyadi App Store, a third-party Mac application store in China, and the infected applications have been downloaded more than 356,104 times. As a result, they may have impacted hundreds of thousands of users.

 WireLurker monitors any iOS device connected via USB with an infected OS X computer and installs downloaded third-party applications or automatically generated malicious applications onto the device, regardless of whether it is jailbroken or not.

"This is the reason we call it WireLurker," said Palo Alto Networks researcher Claud Xiao. 

While similar methods to attack non-jailbroken devices have been demonstrated in the past, this malware combines a number of techniques to present a threat to all iOS devices.

The malware exhibits a complex code structure, multiple component versions, file hiding, code obfuscation and customised encryption to thwart anti-reversing, according to Xiao.

He said the malware is capable of stealing information such as Apple IDs and contacts. It also regularly requests updates from the attacker's command and control server. "This malware is under active development and its creator's ultimate goal is not yet clear," said Xiao.

"WireLurker is unlike anything we've ever seen in terms of Apple iOS and OS X malware," said Ryan Olson, intelligence director at Palo Alto Networks' threat intelligence team Unit 42.

"The techniques in use suggest that bad actors are getting more sophisticated when it comes to exploiting some of the world's best-known desktop and mobile platforms." 

The security outfit recommends users do not download Mac apps from third-party stores, jailbreak iOS devices or connect iOS devices to untrusted computers and accessories in order to evade the malware threat. 

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

Best laptops 2022: Acer, Asus, Dell and more
Laptops

Best laptops 2022: Acer, Asus, Dell and more

29 Apr 2022
Apple iPad Air (2020) review: The executive’s choice
tablets

Apple iPad Air (2020) review: The executive’s choice

7 Mar 2022
Norfolk Council hits Apple with class action lawsuit
Business strategy

Norfolk Council hits Apple with class action lawsuit

16 Feb 2022
How to turn off battery throttling on an iPhone
battery life

How to turn off battery throttling on an iPhone

10 Feb 2022

Most Popular

Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
Costa Rica declares state of emergency following Conti ransomware attack
ransomware

Costa Rica declares state of emergency following Conti ransomware attack

10 May 2022