Want to stay safe from WireLurker malware on iOS, OS X? Don't use shady app stores!
In spite of some incidents here and there, both iOS and OS X are mostly safe from malware. Obviously, that assumption only holds true assuming that users do not go out of their way to get into trouble by jailbreaking their devices and messing with cracked apps or software grabbed from shady places. It is common sense, really -- the security measures that Apple enforces can only go so far to protect users in uncontrolled environments. (The same thing can also be said in regards to Android and Windows, but that is a different story.) And if you need any more proof of just how important it is to stick to trusted sources, this is it.
In the past six months, hundreds of thousands of iOS and OS X users have been affected by the WireLurker malware family, according to security research firm Palo Alto Networks, after using Chinese third-party app store Maiyadi App Store to download OS X software. Go figure!
The software in question -- 467 apps infected with a trojan -- is said to have been downloaded more than 356,000 times. It first affects Macs, then impacts iOS devices (like iPhones and iPads) connected via USB, by leveraging Apple's enterprise app deployment software.
WireLurker is extremely dangerous, because it can impact both jailbroken and non-jailbroken iOS devices. This is one of the first known cases of such behaviour in the iOS world. It uses third-party apps, or automatically-generated apps carrying malicious code, apparently to steal various pieces of information.
WireLurker is a serious threat also because it requests updates frequently from servers used by the attackers, making it more difficult to thwart once users have been affected. Palo Alto Networks warns that it "is under active development and its creator’s ultimate goal is not yet clear".
It is worth noting that, out of the box, those users could have avoided WireLurker altogether, had they decided not to alter OS X's security settings to allow software to be installed from any source. It is too bad that some people never learn from others' mistakes. Basically, they are asking for trouble.
By default, OS X is configured to only allow apps from the Mac App Store and identified developers to install on Macs. Palo Alto Networks points to this setting, among other measures, as having to be enabled in order to "mitigate the threat from WireLurker and similar threats".
Apple's involvement in the spread of WireLurker should not be underplayed, however, as it is Apple's own software, the mechanism used to deploy enterprise apps from Macs, that makes it possible for the malware to impact iOS devices. Apple needs to address this issue quickly, as it is clear that a weakness in its software plays a key role in this.
Palo Alto Networks has also released a tool which checks your Mac for WireLurker malware. It is easy to use, and the scan takes little time.