WASHINGTON — A newly discovered family of malware has the capacity to infect iPhones via Apple computers and apps, posing a security threat to devices that have been largely resistant to cybercriminals, according to researchers.
The researchers at Palo Alto Networks, a cybersecurity firm, said the malware shows “characteristics unseen in any previously documented threats targeting Apple platforms”.
It represents “a potential threat to businesses, governments and Apple customers worldwide”, they said. But Palo Alto said the attacks were currently concentrated in China, and that the malware was still under “active development”.
The malware, named WireLurker, “is capable of stealing a variety of information from the mobile devices it infects and regularly requests updates from the attackers’ command and control server”, according to a report by the security firm, which added that “its creator’s ultimate goal is not yet clear”.
Although hackers have been able to target “jailbroken” iPhones, which have been modified to accept unauthorised software, this new threat appears to be just as dangerous to devices that have not been modified, the security team said. A Forbes report said on Thursday the malware appeared to be trying to ensnare downloaders of pirated games, among others.
“WireLurker is unlike anything we’ve ever seen in terms of Apple iOS and OS X malware,” said Palo Alto’s Ryan Olson. “The techniques in use suggest that bad actors are getting more sophisticated when it comes to exploiting some of the world’s best-known desktop and mobile platforms.”
According to the researchers, WireLurker first infects a Mac computer running OS X, and then installs itself on iOS devices (iPads or iPhones) when they are connected to the computer via USB. Once transferred, WireLurker is capable of stealing information from the devices it infects.
The malware was traced back to a third-party Chinese app store, which had 467 infected applications downloaded over 356,104 times, potentially affecting hundreds of thousands of users.
“WireLurker monitors any iOS device connected via USB with an infected OS X computer and installs downloaded third-party applications or automatically generated malicious applications onto the device, regardless of whether it is jailbroken,” a report by the security firm said.
“This is the reason we call it ‘wire lurker.’ Researchers have demonstrated similar methods to attack non-jailbroken devices before; however, this malware combines a number of techniques to successfully realise a new breed of threat to all iOS devices.”
Another security researcher, Jonathan Zdziarski, said the new malware suggests a potentially large security issue for Apple devices.
“The bigger issue here is not WireLurker itself,” Zdziarski said in a blog post. “The real issue is that the design of iOS’s pairing mechanism allows for more sophisticated variants of this approach to easily be weaponised,” he said.
“While WireLurker appears fairly amateur, an NSA (US’s National Security Agency) or a GCHQ (Britain’s surveillance agency), or any other sophisticated attacker could easily incorporate a much more effective (and dangerous) attack like this.”