It’s the latest malware threat to surface, but it’s the very first that would be capable of wreaking havoc on iOS devices the way a traditional virus would. It’s called “WireLurker” and it has the potential to affect some 800 million Apple customers, according to software security company Palo Alto Networks.
So far, Palo Alto Networks found that WireLurker was used to worm its way into 467 OS X applications on the Maiyadi App Store, a third-party Mac application store in China. That may not sound like much, but those apps were downloaded over 356,104 times and may have impacted hundreds of thousands of users, mostly in China, according to the company. Apple says it has identified and blocked the malicious applications.
Though the threat is contained for now, Ryan Olson, intelligence director for Palo Alto Networks’ Unit 42 division, told Reuters that the hackers could have stolen messaging IDs and contacts from users’ address books, but “they could just as easily take your Apple ID or do something else that’s bad news.”
For individuals it’s a headache, but for the growing number of mid-size companies requiring staff to “bring your own device” (BYOD), MidMarketPulse has reported that attacks like this from WireLurker could cost millions before they are detected.
While Apple has always touted its devices’ immunity to such threats (provided the user didn’t jailbreak them), WireLurker “is the first in-the-wild malware to install third-party applications on non-jailbroken iOS devices through enterprise provisioning,” writes Palo Alto Networks’ Claud Xiao. WireLurker waits until it detects a USB connection, such as when an employee plugs their iPhone into their computer to charge or download something, and the malware gets dumped onto the computer, potentially making off with sensitive corporate information.
And if this spread so quickly, could others be far behind?
If you want to protect your phone and your company’s security from WireLurker and other potential malware threats, Xiao recommends the following:
- Enterprises should ensure their mobile device traffic is routed through a threat prevention system using a mobile security application like GlobalProtect
- Employ an antivirus or security protection product for the Mac OS X system and keep its signatures up-to-date
- In the OS X System Preferences panel under “Security & Privacy,” ensure “Allow apps downloaded from Mac App Store (or Mac App Store and identified developers)” is set
- Do not download and run Mac applications or games from any third-party app store, download site or other untrusted source
- Keep the iOS version on your device up-to-date
- Do not accept any unknown enterprise provisioning profile unless an authorized, trusted party (e.g. your IT corporate help desk) explicitly instructs you to do so
- Do not pair your iOS device with untrusted or unknown computers or devices
- Avoid powering your iOS device through chargers from untrusted or unknown sources
- Similarly, avoid connecting iOS devices with untrusted or unknown accessories or computers (Mac or PC)
- Do not jailbreak your iOS device; if you do jailbreak it, only use credible Cydia community sources and avoid using or storing sensitive personal information on that device.