
 

WireLurker Malware Infecting iOS and OS X


WireLurker, a new form of malware, has been infecting Apple operating systems for the past 6 months. According to a report by Palo Alto Networks security researchers, it is the biggest in scale within the malware family. The researchers said, "The Discovery of WireLurker poses a new Era of Malware".

WireLurker is the second known malware family that infects iOS devices through OS X via USB. It is the first malware to automate the generation of malicious iOS applications through binary file replacement, and also the first malware that can infect installed iOS applications in a way similar to a traditional virus. This malware can install third-party applications on non-jailbroken iOS devices through enterprise provisioning.

"WireLurker is unlike anything we have ever seen in terms of Apple iOS and OS X malware. The techniques in use suggest that bad actors are getting more sophisticated when it comes to exploiting some of the world's best known desktop and mobile platforms," said Ryan Olson, the company's intelligence director.

How it works


This type of malware is unusual: it infects iOS devices via Apple's OS X. When a user downloads a WireLurker-infected app onto a Mac, the malware waits for the user to attach an iOS device. Once a device is connected, it checks whether the device is jailbroken.

If the device is jailbroken, WireLurker backs up the device's apps to the Mac, repackages them with malware, and then installs the infected versions on the device.

If the device is not jailbroken, WireLurker takes advantage of a method Apple created to let organizations install special software on their staff's devices. This involves placing infected apps on the device that have been signed with a bogus "enterprise certificate", a code added to the product to prove that the app comes from a trustworthy source. To ensure that the device accepted this certificate, a permission request popped up on the targeted iOS device. It asked for permission to run the app, but if the user clicked "continue" it installed code called a "provisioning profile". Once the user has clicked continue, the iOS device will accept any app that has been signed with the same enterprise certificate.

WireLurker was used to trojanize 467 OS X applications on the Maiyadi App Store (a third-party Mac application store in China).

In the past 6 months, these 467 infected applications were downloaded over 356,104 times, and the malware has infected more than a thousand users. Recently, a new flaw in Mac OS X was discovered by security researcher Emil.

WireLurker monitors any iOS device connected via USB to an infected computer and installs downloaded third-party applications or automatically generated malicious applications onto the device, regardless of whether it is jailbroken. This is the reason it is called "WireLurker". Researchers have demonstrated similar methods of attacking non-jailbroken devices before. However, this malware combines a number of techniques to successfully realize a new brand of threat to all iOS devices.

In a statement, Apple said: "We are aware of malicious software available from a download site aimed at users in China, and we've blocked the identified apps to prevent them from launching. As always, we recommend that users download and install software from trusted sources."

We recommend that users follow the safety tips below.

  • Don't download apps from third-party stores.
  • Don't jailbreak iOS devices.
  • Don't connect your devices to untrusted computers.
  • Keep your iOS version up to date.
  • Do not accept any unknown enterprise provisioning profile unless an authorised, trusted party instructs you to do so.
  • You can also use this tool to detect the WireLurker malware family on OS X. The tool was made by Palo Alto Networks and is available on GitHub.
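To make the tip about enterprise provisioning profiles concrete, the following is an added example (not code from this post or from the Palo Alto Networks tool) that reads the plist inside a `.mobileprovision` file and flags enterprise profiles from teams outside an allowlist. It assumes the `ProvisionsAllDevices`, `ProvisionedDevices` and `TeamName` keys used in Apple provisioning profiles; the allowlist, team names and sample profiles are constructed for illustration.

```python
import plistlib

def extract_profile(blob: bytes) -> dict:
    """Return the plist embedded in a .mobileprovision blob.

    The file is a CMS (PKCS#7) envelope around an XML plist. This helper only
    locates and parses the plist; it does NOT verify the signature.
    """
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>", max(start, 0))
    if start < 0 or end < 0:
        raise ValueError("no embedded plist found")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def audit_profile(blob: bytes, trusted_teams: set) -> dict:
    """Classify a profile and flag enterprise profiles from unknown teams."""
    p = extract_profile(blob)
    if p.get("ProvisionsAllDevices") is True:
        kind = "enterprise"            # in-house: installs on any device
    elif p.get("ProvisionedDevices"):
        kind = "development/ad-hoc"    # limited to the listed device IDs
    else:
        kind = "app-store"
    team = p.get("TeamName", "")
    return {"name": p.get("Name"), "team": team, "kind": kind,
            "flagged": kind == "enterprise" and team not in trusted_teams}

def make_sample(name, team, **extra) -> bytes:
    """Constructed sample: plist wrapped in dummy bytes standing in for CMS."""
    body = plistlib.dumps({"Name": name, "TeamName": team, **extra})
    return b"\x30\x82\x0b\x1f\x06\x09" + body + b"\x00\x31\x82"

TRUSTED = {"Example Corp IT"}  # hypothetical allowlist of expected teams
SAMPLES = [
    make_sample("Corp Mail", "Example Corp IT", ProvisionsAllDevices=True),
    make_sample("Unknown Game", "Unfamiliar Co., Ltd.", ProvisionsAllDevices=True),
    make_sample("Dev Build", "Example Corp IT", ProvisionedDevices=["0" * 40]),
]

if __name__ == "__main__":
    for blob in SAMPLES:
        print(audit_profile(blob, TRUSTED))
```

A flagged result means the profile lets apps from that signer run on any device and the team is not one you expect, which is the situation the tip warns about.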
