Apple’s iOS platform has long been considered the most secure there is, but new malware that’s being passed on to iPhones and iPads via infected Macs is spreading like wildfire in China. Unlike previous iOS attacks, you don’t need a jailbroken device to be at risk with this one.
The “WireLurker” trojan is being hidden inside OS X apps distributed via a third-party Mac app store called Maiyadi, new research has found. When the apps are downloaded onto a desktop, they automatically side-load malware onto connected iOS devices without the owners’ knowledge.
According to researchers at Palo Alto Networks, it’s the biggest attack ever seen on iOS. It’s estimated that apps infected by WireLurker have already been downloaded more than 356,000 times, and what’s most worrying is that every Maiyadi user is at risk.
With previous iOS attacks, only those with jailbroken devices had anything to be concerned about. But WireLurker uses an enterprise provisioning system built into iOS that is designed to allow large companies to deploy software without having to gain App Store approval, which is why devices that are not jailbroken are also at risk.
Once it is installed on an iPhone or iPad, WireLurker uses binary file replacement to rewrite existing iOS apps. It’s been known to target apps like TaoBao and AliPay, auctions and payment systems built by ecommerce giant Alibaba, to harvest users’ payment information.
If you don’t use Maiyadi, you have little to worry about at this point. However, WireLurker represents a serious security flaw in iOS that could quickly become a major problem for a large number of users. It may only be an issue for those in China right now, but it’s surely only a matter of time before this trick is exploited elsewhere.
Until Apple can come up with a fix for this problem, Palo Alto Networks recommends that users avoid third-party app stores and avoid plugging their devices into unknown sources.