Apple Security Woes Deepen With Fresh Malware Threat

Apple has another security headache on its hands with the discovery of a potentially serious new family of malware, which is actively targeting Apple products running Mac OS and iOS.

The discovery is the latest security threat to the Apple platform, and comes amid growing problems in its nascent Chinese market.

WireLurker Malware

The discovery of the new form of malware targeting Apple was made by American security specialist Palo Alto Networks. In a blog posting, it warned that the new malware is targeting Apple users in China, running either Mac OS or iOS.

What is worrying about this new family of malware is its ability to infect even non-jailbroken iOS devices through trojanised and repackaged OS X applications, which the security vendor says heralds a new era in malware across Apple’s desktop and mobile platforms.

Palo Alto warned that the new malware, which it is calling “WireLurker”, is only the second known malware family that attacks iOS devices through OS X via the USB connection. It is also the first malware to automate generation of malicious iOS applications, through binary file replacement.

Palo Alto also said that it is the first known malware that can infect installed iOS applications similar to a traditional virus, and it is the first in-the-wild malware to install third-party applications on non-jailbroken iOS devices through enterprise provisioning.

“WireLurker was used to trojanize 467 OS X applications on the Maiyadi App Store, a third-party Mac application store in China,” warned the security vendor. “In the past six months, these 467 infected applications were downloaded over 356,104 times and may have impacted hundreds of thousands of users.”

Real Threat

So how does it work? Well, Palo Alto reportedly called it called WireLurker because of the malware’s ability to sense when a user plugs their iPhone or iPad into infected Mac OS machine via the USB port. Once that happens, it starts installing malicious apps on the user device, even if it is not jailbroken.

Palo Alto warns that WireLurker exhibits complex code structure, multiple component versions, file hiding, code obfuscation and customized encryption to thwart anti-reversing.” It is capable of stealing data, and regularly requests updates from the attackers command and control server.

“This malware is under active development and its creator’s ultimate goal is not yet clear,” warned Palo Alto.

“They are still preparing for an eventual attack,” Ryan Olson, the director of threat intelligence at Palo Alto Networks, was quoted as saying by the New York Times. “Even though this is the first time this is happening, it demonstrates to a lot of attackers that this is a method that can be used to crack through the hard shell that Apple has built around its iOS devices.”

It recommends that all businesses route their mobile device traffic through a threat prevention system using a mobile security application like GlobalProtect. It also recommends the use of antivirus or another security protection product for the Mac OS X system and keep it up-to-date.

Mac OS X users should also ensure that only apps from the Mac App Store are downloaded, and not to use third-party app stores. Again, make sure iOS devices are up-to-date, and do not pair the Apple device with an unknown computer, even if just charging it. Users should also not jailbreak their devices.

Apple Security

Apple has a good reputation when it comes to security, but it does have vulnerabilities. Earlier this week for example, it emerged that Apple is currently also working on a patch for another serious vulnerability, called “Rootpipe”. That flaw reportedly gives hackers admin privileges on a compromised Mac. To make matters worse, the hackers can exploit the flaw to give themselves the highest admin level, known as root access.

In July Apple fixed a number of bugs and security flaws in an update to OS X Mavericks, and there have been many other flaws and vulnerabilities over the years as well.

In 2012, Apple was criticised by security researchers who claimed it did not react fast enough to kill off a prevalent malware strain, called Flashback.

What do you know about Internet security? Find out with our quiz!