Apple used its iOS anti-malware security many times to bash Android’s malware problem — which is an issue that affects plenty of Android users — but it looks like the company might have a serious iOS and OS X security issue on its hands, The New York Times reports. While malware attacks have been possible against jailbroken iOS devices for some time, a new piece of malware has been discovered that can infect even iPhones that have not been jailbroken.
FROM EARLIER: Watch out for this frighteningly smart malware that’s infected over 75,000 jailbroken iPhones
Researchers at the Palo Alto Networks discovered the program, called WireLurker, which can be used for many purposes including spying silently on users. It seems to already have affected hundreds of thousands of users in Asia.
The point of entry seems to be OS X computers, with researchers having found 467 malware OS X applications in the unofficial Maiyadi App Store in China that were downloaded more than 356,000 times in the past six months in the region.
Once on a Mac, WireLurker can infect any iPhone that’s connected via USB to the computer, and install malicious applications.
“WireLurker exhibits complex code structure, multiple component versions, file hiding, code obfuscation and customized encryption to thwart anti-reversing,” the researchers wrote.
“WireLurker is capable of stealing a variety of information from the mobile devices it infects and regularly requests updates from the attackers command and control server. This malware is under active development and its creator’s ultimate goal is not yet clear,” he said.
“They are still preparing for an eventual attack,” Palo Alto Networks director of threat intelligence Ryan Olson told the Times. “Even though this is the first time this is happening, it demonstrates to a lot of attackers that this is a method that can be used to crack through the hard shell that Apple has built around its iOS devices.”
This isn’t the first time Apple has had security problems in China, with the company having fought a complex iCloud phishing attack only a few weeks ago.
More details about WireLurker, and what you can do to limit exposure to it, are available at the source links. Obviously, the first step is staying away from untrusted Mac App Store, as it appears that as long as the malware doesn’t reach your Mac, your iPhone is safe.
