Bad Apple: New Malware Targeting OS X, iOS Devices

Chuck Bednar for redOrbit.com – Your Universe Online
Up to 800 million devices running Apple’s iOS mobile operating system and OS X for Macs could be vulnerable to a new malware program that can be contracted through a simple USB connection.
According to Brett Molina and Elizabeth Weise of USA Today, the virus known as WireLurker was discovered by security researchers at Palo Alto Networks. It is currently limited to users in China who downloaded infected apps via a third-party app store in that country, but experts are concerned that it could spread in the wake of this “proof of concept” example, they added.
In a Wednesday blog post, Claud Xiao of Palto Alto Networks explained that the WireLurker family of malware has been targeting Apple devices for the past six months, and that it had been used to trojanize 467 OS X applications that had been downloaded more than 350,000 times, potentially impacting hundreds of thousands of Apple users.
Xiao added that WireLurker is the largest-scale program of its kind to ever be distributed through trojanized or repackaged OS X applications and the second known malware family that attacks iOS devices through OS X via USB. Furthermore, it is reportedly the first virus to automate generation of malicious iOS apps through binary file replacement and the first confirmed to infect installed iOS apps using methods similar to traditional viruses.
Furthermore, according to MarketWatch reporter Barbara Kollmeyer, WireLurker monitors any mobile Apple gadget that is connected to an infected OS X computer via USB and downloads third-party apps onto the device whether it is jailbroken or not. The virus is still under active development and is capable of stealing a variety of information from infected devices and requesting server updates. The purpose of the program is currently unknown.
“For now, average U.S. users who avoid unvalidated apps and software shouldn’t have an issue with WireLurker,” Damon Beres of the Huffington Post reported on Thursday. “But experts say the case is the first-known example of malware that can infect installed apps like a ‘traditional virus,’ even on devices that aren’t jailbroken – setting a troubling precedent of malicious software worming its way onto phones that users haven’t necessarily altered in an unsafe way.”
Beres contacted an Apple spokesperson via email, and the iPhone and iPad maker said that it was “aware” of the issue and that it had “blocked the identified apps to prevent them from launching. As always, we recommend that users download and install software from trusted sources.” However, Kevin Mahaffey, co-founder of security technology service Lookout, said he was concerned that WireLurker could represent a dangerous new malware trend.
“What’s interesting here is that malware attacked a PC in order to gain access to a mobile device, not to attack the PC – yet another sign that mobile is becoming the dominant computing platform,” Mahaffey said in a statement provided to The Huffington Post by his company via email. “Now, as the number of iOS devices has grown, especially in geographies where malware tends to originate, iPhones and iPads have become attractive attack targets as well.”
In order to keep your device safe, Xiao suggests that businesses should make sure that their mobile device traffic is routed through a threat prevention system, and that their Mac OS X systems have up-to-date antivirus and security software. Users should also avoid downloading and running Mac apps and games from third-party stores or other untrusted sites, and to make sure that their mobile devices are running the latest version of iOS software.
“Do not accept any unknown enterprise provisioning profile unless an authorized, trusted party… explicitly instructs you to do so,” Xiao added. “Do not pair your iOS device with untrusted or unknown computers or devices. Avoid powering your iOS device through chargers from untrusted or unknown sources. Similarly, avoid connecting iOS devices with untrusted or unknown accessories or computers (Mac or PC).”
—–
For More Mac Tips and Tricks – Visit our partner site to speed up your mac

—–
Shop Amazon – Contract Cell Phones & Service Plans
—–
Follow redOrbit on Twitter, Facebook and Pinterest.