WireLurker Malware for iOS and OS X: How to Stay Safe

Apple and the users of its products have always had at least one key piece of statistics in their favor: the negligible proportion of malware susceptible to attack the iOS and OS X platforms. In a stark contrast to this, Android and Windows operating systems have received a bad rap for being prone to fall victim to the viruses, malware and exceedingly intricate security concerns. But the latest malware in town, WireLurker, would like to have a word with the iFans.

The reason behind WireLurker gaining quick notoriety are twofold: not only does it target Apple’s platforms — both the mobile and desktop, but it can also allegedly target devices which are not jailbroken. According to a cautious estimate, hundreds of thousands of users may already have fallen prey to WireLurker.

According to the cyber-security firm PaloAlto Networks which did the original research on the family of malware, the WireLurker has been targeting Mac and iOS devices for the past six months now. The malware itself primarily infects Mac devices when a Mac app containing the malware is downloaded from an unofficial source, and is then transferred to any iOS device that is connected to the system via USB.

WireLurker is unique compared to other Mac or iOS malware because of several characteristics. It is only the second known malware which attacks iOS devices via USB, it has the ability to automate the generation of malicious iOS app files, and it can also affect the apps already installed on the iOS device. While the malware isn’t showing any signs of serious damage right now, the way it can communicate with C2 (Command and Control) servers to download data and replicate itself are extremely worrisome signs which could lead to serious security concerns in the future.

PaloAlto Networks has compiled a generic guideline for iOS and Mac users following which they can minimize the risk of exposure of their devices to WireLurker:

• Install a trusted antivirus/security protection software on computers (Mac or PC), and keep it up-to-date.
• Never download or run any Mac application from a third-party/untrusted app store or unknown source.
• Keep the iOS and OS X version up to date.
• Do not use any accessories (charger, USB cable, etc.) from unknown sources, i.e. the ones that did not come with the official packaging.
• Do not pair your iOS device with devices or computers (Mac or PC) you do not own.
• Do not jailbreak your device. If you must, however, then observe extreme caution while installing apps on your device. Only rely on trusted sources of apps (Cydia community, for instance) and avoid storing sensitive and/or private information on a jailbroken device.

Update (07/11/2014 – 10:07 PM): Apple has released an official statement explaining that the threat posed by the malware has been neutralised:

“We are aware of malicious software available from a download site aimed at users in China, and we’ve blocked the identified apps to prevent them from launching. As always, we recommend that users download and install software from trusted sources,” stated an Apple spokesperson.

–Sources: ITProPortal, Rappler, PaloAlto Networks, ExtremeTech