WireLurker Becomes First Malware to Target Macs And iOS Devices

Usually it is Android that makes the headlines for security exploits, but this time around it's iOS. Researchers from Palo Alto have uncovered malware called WireLurker, which might already have affected hundreds of thousands of devices.

The primary method of infection for this malware is the Maiyadi App Store, a third-party app store for OS X based in China. At the time of publication, it's estimated that over 350,000 users might already have been infected. Furthermore, the malicious code was present in over 450 apps on the Maiyadi App Store. Pirated versions of some high-profile games like Sims 3 and Angry Birds were among the infected apps.

WireLurker exploits the enterprise provisioning mechanism, which allows big companies to push out new software without going through the fairly laborious App Store approval process. Any app that has an enterprise provisioning certificate can therefore be installed without an issue. WireLurker abuses this, and what's concerning is that it affects both jailbroken and non-jailbroken devices.
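As an added example (not code from the original article or from the researchers), here is one way a defender could triage an iOS app bundle's `embedded.mobileprovision` to spot enterprise-provisioned apps from unknown signers. The approved-team allowlist and the sample profiles are constructed assumptions, and the CMS signature is not verified here.

```python
import plistlib

def extract_profile(blob: bytes) -> dict:
    """Pull the XML plist out of the CMS (PKCS#7) wrapper of a provisioning profile."""
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>", start)
    if start == -1 or end == -1:
        raise ValueError("no embedded plist found")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def classify(profile: dict) -> str:
    """Enterprise profiles set ProvisionsAllDevices; others list device UDIDs."""
    if profile.get("ProvisionsAllDevices") is True:
        return "enterprise"
    if profile.get("ProvisionedDevices"):
        ents = profile.get("Entitlements", {})
        return "development" if ents.get("get-task-allow") else "ad-hoc"
    return "unknown"

def triage(blob: bytes, approved_teams: set) -> dict:
    """Flag enterprise-provisioned apps whose team ID is not on the allowlist."""
    profile = extract_profile(blob)
    kind = classify(profile)
    teams = profile.get("TeamIdentifier", [])
    team = teams[0] if teams else None
    return {
        "kind": kind,
        "team": team,
        "team_name": profile.get("TeamName"),
        "flag": kind == "enterprise" and team not in approved_teams,
    }

def _sample(profile: dict) -> bytes:
    # Constructed stand-in for a real profile: arbitrary bytes around the XML plist.
    return b"\x30\x82\x0b\x00" + plistlib.dumps(profile) + b"\x00\x01signature"

# Constructed sample profiles (team IDs and names are made up).
ENTERPRISE = _sample({"Name": "Constructed In-House Profile",
                      "TeamName": "Example Corp (constructed)",
                      "TeamIdentifier": ["ABCDE12345"],
                      "ProvisionsAllDevices": True})
ADHOC = _sample({"Name": "Constructed Ad Hoc Profile",
                 "TeamIdentifier": ["ZZZZZ99999"],
                 "ProvisionedDevices": ["0" * 40],
                 "Entitlements": {"get-task-allow": False}})

if __name__ == "__main__":
    for label, blob in (("enterprise", ENTERPRISE), ("ad-hoc", ADHOC)):
        print(label, triage(blob, approved_teams=set()))
```

Apps installed from the official App Store carry no `embedded.mobileprovision`, so any profile found on a managed device is worth reviewing against the organization's own signing teams.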

Once a desktop (all MacBooks and Macs are susceptible) has been infected, WireLurker can move to any iOS device connected through a USB cable. It then rewrites programs through binary file replacement. Once a non-jailbroken device has been infected, WireLurker sideloads a comic book app onto the device, which is not malicious in itself. Researchers suspect this is simply to test whether a device is compromised or not.

The interesting part is that WireLurker specifically tries to identify the owner of each infected device. On jailbroken devices, it also tries to access text messages, steal payment information and collect other sensitive data. Some security experts have labeled WireLurker as primitive but fear that the mechanism it uses could be exploited by more sophisticated hackers.

With WireLurker, iOS users are facing their first widespread significant security threat. Software for testing whether you are affected has already been developed and is available for download. However, the fact remains that WireLurker is not a passive threat. It is under active development, and you should stay safe by not using third-party app stores and by not charging your device by plugging it into devices you don't trust.

Talal is a Director and the Chief Content Officer at ProPakistani.

    • That’s just where it originated. Now if you connect your iPhone to any infected Mac, the malware will transfer over to your device regardless of if you have a jailbroken device or not.

    • Not likely. If Apple wants, they can remotely render all third party app stores useless by performing certificate encryption checks whenever an app is installed to ensure that the app has come from the official App Store. This is what Microsoft does on Windows Phone, which is why it is and will continue to be the most secure mobile platform for a long time to come.

      • was a sarcastic jab yaar.. iOS allows these third party app stores ’cause it has direct competition with Android. MS isn’t a market leader or contender so it’s still safe & secure.

  • “first widespread significant security threat”
    Hyperbole much? It’s easier to go out and get laid than to have your iPhone infected with this ‘malware’.

  • First malware to target Macs? Sorry to burst your bubble but there are dozens of malwares, spywares, trojans and rootkits for Macs out there.

