{"id":33550,"date":"2014-11-06T15:07:14","date_gmt":"2014-11-06T23:07:14","guid":{"rendered":"http:\/\/www.intego.com\/mac-security-blog\/?p=33550"},"modified":"2016-02-12T10:47:51","modified_gmt":"2016-02-12T18:47:51","slug":"wirelurker-malware-infects-macs-attacks-non-jailbroken-iphones","status":"publish","type":"post","link":"https:\/\/www.intego.com\/mac-security-blog\/wirelurker-malware-infects-macs-attacks-non-jailbroken-iphones\/","title":{"rendered":"WireLurker Malware Infects Macs, Attacks Non-Jailbroken iPhones"},"content":{"rendered":"

\"WireLurker<\/a><\/p>\n

The handwriting is on the wall and it\u2019s been there for many years now. Apple devices and Macs can get malware, just like any other machine. There. Somebody had to say it.<\/p>\n

For a while now, people have felt a sense of security because they\u2019re on an operating system that doesn\u2019t inspire hundreds of thousands of new malware attacks per day. But the total number of malicious threats\u00a0crawling around the Internet waiting to infect your Mac is less important than this simple fact: It only takes one to ruin your day.<\/p>\n

Virus hunters have uncovered a new family of Mac malware, called \u201cWireLurker,\u201d which they say has infected hundreds of thousands of Apple devices already.<\/p>\n

WireLurker malware affects Apple devices and attacks\u00a0iOS devices as well\u2014and here\u2019s the kicker: This is the first malware that can infect iPhones that have not been jailbroken.<\/p>\n

Before we go any further, let’s cut to the chase: No, you aren’t at risk of infecting your Mac or iOS device with this current malware\u2014unless you do some really risky\u00a0things (see “What Apple users do to get infected by WireLurker” section below). This malware depends on you personally bypassing a whole bunch of built-in security contained in both Macs and iOS devices. In some ways this is akin to\u00a0having 15 deadbolts on the front door of your house yet\u00a0leaving the door wide open when you leave for work.<\/p>\n

How\u00a0WireLurker attacks non-jailbroken iPhones<\/h3>\n

WireLurker can install third-party applications on non-jailbroken iPhones and can attack iOS devices through Mac OS X computers by way of USB connections or USB cables, according to security researchers<\/a> at Palo Alto Networks:<\/p>\n

\u201cWireLurker was used to trojanize 467 OS X applications on the Maiyadi App Store, a third-party Mac application store in China. In the past six months, these 467 infected applications were downloaded over 356,104 times and may have impacted hundreds of thousands of users.\u201d<\/p><\/blockquote>\n

\"WireLurker

Image credit: Palo Alto Networks<\/p><\/div>\n

Once computers are infected, WireLurker spreads to non-jailbroken iOS devices that connect to the Mac over USB, rewriting existing programs on the device through binary file replacement. The malware uses a popular library called libimobiledevice to interact with iOS devices through USB connections. “This third-party open source software library implements the iTunes protocol stack for communication between a computer and iOS device,” according to the researchers white paper.<\/p>\n

\n

Everything I've read so far in the WireLurker white paper seems not only completely plausible, but easy to pull off with libimobiledevice.<\/p>\n

— Jonathan Zdziarski (@JZdziarski) November 6, 2014<\/a><\/p><\/blockquote>\n