Palo Alto Networks Inc. has discovered a new form of iOS malware called WireLurker, which uses infected OS X machines to infect the iPhones and iPads connected to them. The malware was first detected in China after being distributed on the Maiyadi App Store, which acts as a third-party application provider for OS X computers. Most people think of bugs, flaws and malware as typically a Windows problem, but that is no longer so: this is the third piece of malware for Apple reported in the last two months.
WireLurker works in a manner similar to other cases of iOS malware that have been spotted recently, but it does not reach a user’s device over the air. Instead, it gets onto the device from an infected desktop after the phone or tablet is plugged in via the USB port.
Since Apple takes many stable and trusted security precautions to make sure that its devices are almost immune to malware attacks and other threats, this seems to be the only attack path available, as of now, to anyone who wants to get malware into the mobile OS.
“WireLurker monitors any iOS device connected via USB with an infected OS X computer and installs downloaded third-party applications or automatically generated malicious applications onto the device, regardless of whether it is jailbroken,” said Claud Xiao of Palo Alto Networks.
“This is the reason we call it ‘wire lurker’. Researchers have demonstrated similar methods to attack non-jailbroken devices before; however, this malware combines a number of techniques to successfully realize a new brand of threat to all iOS devices.”
WireLurker is “capable of exporting your serial number, phone number, model number, device type, your Apple ID, UDID, WiFi address, and disk usage information,” reports HotHardware.
According to the research team, WireLurker doesn’t necessarily break new ground in its methods, but it’s rare to see malware that targets non-jailbroken devices. Currently, no major virus scanners or websites properly identify a WireLurker infection, though the Palo Alto team has written a script that can do so.