It’s not very often you hear about malware targeting iOS, but security researchers in Silicon Valley said on Wednesday they’ve spotted new malicious software doing just that.
Although it appears to be spreading through a third-party OS X app store in China and consequently largely confined to that country, the development could be a taste of things to come for iDevice owners in other parts of the world if similarly designed malware is launched by other cybercriminals, or even the same group.
Palo Alto Networks said the one it’s uncovered, called ‘WireLurker’, loads onto iPhones and iPads when the device is connected via USB to a Mac computer onto which an infected OS X app has already been downloaded.
The security firm’s Claud Xiao said in a blog post (via NYT) that the malicious software is apparently only the second known case of a malware attack on iOS devices through OS X via USB, and can infect Apple devices whether or not they’ve been jailbroken. In an ominous note, the researcher said the discovery “heralds a new era in malware attacking Apple’s desktop and mobile platform” and is “the biggest in scale we have ever seen.”
According to Palo Alto Networks’ research, WireLurker has infected 467 OS X apps on the third-party Maiyadi App Store, with just over 356,000 downloads made to OS X computers, meaning the malware could have impacted “hundreds of thousands” of iOS users.
The malware is capable of stealing “a variety of information” from a user’s mobile device, though according to Xiao, the goal of the person or people behind the software, which is continuing to be updated, is yet to be identified.
For now, the security firm suggests users take a number of steps to ensure they steer clear of WireLurker and similar threats, including avoiding Mac apps from third-party app stores, and refraining from connecting iOS devices to untrusted or unknown accessories or computers. See Xiao’s post for the full list of recommended measures.
While the software appears to be confined to users in China for now, Ryan Olson, the director of threat intelligence at Palo Alto Networks, suggested it may not stay that way, telling the NY Times that it “demonstrates to a lot of attackers that this is a method that can be used to crack through the hard shell that Apple has built around its iOS devices.”
We’ve reached out to Apple for comment and will update when we hear back.