Story image

'New era' as iOS comes under malware attack

07 Nov 2014

The long held confidence iPhone users have had that they’re safe from malware has been dealt a blow, with enterprise security company Palo Alto Networks reporting a new family of Apple iOS and OS X malware.

The enterprise security company says the new malware family, dubbed WireLurker, marks ‘a new era’ in malware across Apple’s desktop and mobile platforms.

WireLurker can infect even non-jailbroken iOS devices through trojanised and repackaged OS X applications and is the first known malware family that can infect installed iOS applications similar to how a traditional virus would.

It jumps from infected Macs onto iPhones through USB connections.

Palo Alto Networks says WireLurker is capable of stealing a variety of information from infected mobile devices, and regularly requests updates from the attackers command and control server. However, the company notes the malware is under active development and its creators ultimate goal is still not yet clear.

The malware family, which has been targeting iOS and OS X for the past six months, is the first in-the-wild malware family that can install third-party applications on non-jailbroken iOS devices through enterprise provisioning.

Palo Alto Networks says it is also only the second known malware family that attacks iOS devices through OS X via USB and is the first malware family to automate generation of malicious iOS applications through binary file replacement.

A Palo Alto Networks blog says WireLurker was used to trojanise 467 OS X applications on Chinese third-party app store, Maiyadi.

“In the past six months, these 467 infected applications were downloaded over 356,104 times and may have impacted hundreds of thousands of users,”

Ryan Olson, Palo Alto Networks intelligence director, Unit 42, says WireLurker is unlike anything seen before in terms of Apple iOS and OS X malware.

“The techniques in use suggest that bad actors are getting more sophisticated when it comes to exploiting some of the world’s best-known desktop and mobile platforms.”

Palo Alto Networks is recommending a number of actions Apple users can take to mitigate the threat from WireLurker and similar threats, including enterprises routing mobile device traffic through threat prevention systems using mobile security applications, and employing an antivirus or security protection product for the Mac OS X system and keeping its signatures up-to-date.

The company also recommends ensuring ‘Allow apps downloaded from Mac App Store (or Mac App store and identified developers)’ is set in the OS X System Preferences panel, under security and privacy.

Users should also avoid downloading and running Mac applications or games from third-party app stores, download sites or any other untrusted sources and keep the iOS version up-to-date.

Other recommendations from Palo Alto Networks are:

- Do not accept any unknown enterprise provisioning profile unless an authorised, trusted party (eg your IT corporate help desk) explicitly instructs you to do so- Do not pair your iOS device with untrusted or unknown computers or devices- Avoid powering your iOS device through chargers from untrusted or unknown sources- Similarly, avoid connecting iOS devices with untrusted or unknown accessories or computers (Mac or PC)- Do not jailbreak your iOS device. If you do jailbreak it, only use credible Cydia community sources and avoid the use or storage of sensitive personal information on that device

Web design programmers do an about face – again!
Google is aggressively pushing speed in the mobile environment as a critical ranking factor, and many eb design teams struggling to reach 80%+ speed scores on Google speed tests with gorgeous – but heavy - WordPress templates and themes.
Digital spending to hit US$1.2 trillion by 2022
A recent study by Zinnov shows that IoT spend reached US$201 billion in 2018 while outsourcing service providers generated $40 billion in revenue.
'Iwi Algorithm' can grow Aotearoa's mana
Ngāti Whātua Ōrākei innovation officer Te Aroha Grace says AI can help to combine the values from different cultures to help grow Aotearoa’s mana and brand – and AI is not just for commercial gain.
Dropbox brings in-country document hosting to A/NZ & Japan
Dropbox Business users in New Zealand, Australia, and Japan will be able to store their Dropbox files in-country, beginning in the second half of 2019.
Why 'right to repair' legislation could be a new lease on life for broken devices
“These companies are profiting at the expense of our environment and our pocketbooks as we become a throw-away society that discards over 6 million tonnes of electronics every year.”
Kiwis know security is important, but they're not doing much about it
Only 49% of respondents use antivirus software and even fewer – just 19% -  change their passwords regularly.
Instagram: The next big thing in online shopping?
This week Instagram announced a new feature called checkout, which allows users to buy products they find on Instagram.
Apple's AirPods now come with 'Hey Siri' functionality
The new AirPods come with a standard case or a Wireless Charging Case that holds additional charges for more than 24 hours of listening time.