
'New era' as iOS comes under malware attack

07 Nov 14

The long-held confidence of iPhone users that they are safe from malware has been dealt a blow, with enterprise security company Palo Alto Networks reporting a new family of Apple iOS and OS X malware.

The enterprise security company says the new malware family, dubbed WireLurker, marks ‘a new era’ in malware across Apple’s desktop and mobile platforms.

WireLurker can infect even non-jailbroken iOS devices through trojanised and repackaged OS X applications and is the first known malware family that can infect installed iOS applications similar to how a traditional virus would.

It jumps from infected Macs onto iPhones through USB connections.

Palo Alto Networks says WireLurker is capable of stealing a variety of information from infected mobile devices, and regularly requests updates from the attackers' command and control server. However, the company notes the malware is under active development and its creators' ultimate goal is not yet clear.

The malware family, which has been targeting iOS and OS X for the past six months, is the first in-the-wild malware family that can install third-party applications on non-jailbroken iOS devices through enterprise provisioning.

Palo Alto Networks says it is also only the second known malware family that attacks iOS devices through OS X via USB and is the first malware family to automate generation of malicious iOS applications through binary file replacement.

A Palo Alto Networks blog says WireLurker was used to trojanise 467 OS X applications on the Chinese third-party app store Maiyadi.

“In the past six months, these 467 infected applications were downloaded over 356,104 times and may have impacted hundreds of thousands of users,”

Ryan Olson, Palo Alto Networks intelligence director, Unit 42, says WireLurker is unlike anything seen before in terms of Apple iOS and OS X malware.

“The techniques in use suggest that bad actors are getting more sophisticated when it comes to exploiting some of the world’s best-known desktop and mobile platforms.”

Palo Alto Networks is recommending a number of actions Apple users can take to mitigate the threat from WireLurker and similar threats, including enterprises routing mobile device traffic through threat prevention systems using mobile security applications, and employing an antivirus or security protection product for the Mac OS X system and keeping its signatures up-to-date.

The company also recommends ensuring ‘Allow apps downloaded from Mac App Store (or Mac App Store and identified developers)’ is set in the OS X System Preferences panel, under Security & Privacy.

Users should also avoid downloading and running Mac applications or games from third-party app stores, download sites or any other untrusted sources and keep the iOS version up-to-date.

Other recommendations from Palo Alto Networks are:

- Do not accept any unknown enterprise provisioning profile unless an authorised, trusted party (eg your IT corporate help desk) explicitly instructs you to do so
- Do not pair your iOS device with untrusted or unknown computers or devices
- Avoid powering your iOS device through chargers from untrusted or unknown sources
- Similarly, avoid connecting iOS devices with untrusted or unknown accessories or computers (Mac or PC)
- Do not jailbreak your iOS device. If you do jailbreak it, only use credible Cydia community sources and avoid the use or storage of sensitive personal information on that device
