Researchers say WireLurker represents "a new era in iOS and OS X malware"
Researchers have discovered new malware affecting iPhones that are connected to computers infected by corrupted files. It's called WireLurker, and it's not yet clear what its creator plans to accomplish through its spread.
Palo Alto Networks, the research group that discovered the malware, describes it as a "new era in iOS and OS X malware." It's said to have "trojanized" some 467 applications in the Maiyadi app store, and those applications have been downloaded 356,104 times in the last six months, leading Palo Alto Networks to estimate it "may have impacted hundreds of thousands of users."
The interesting thing about WireLurker is its ability to install applications on iPhones that haven't been jailbroken, which allows their users to download software from outside the App Store, through a tool meant to help enterprise companies distribute apps to their employees.
Right now it seems that the malware is being used to install a third-party comic book app and steal financial information from Alibaba's auction and payments applications on jailbroken devices. WireLurker is being actively updated, though, and Palo Alto Networks warns that it could eventually be used to gather valuable information from an infected phone's applications.
The only way to avoid WireLurker is to refrain from downloading software from third-party sources on iPhones, iPads, or Macs. (It doesn't seem like the malware can be spread from a connection to a Windows computer, at least not yet.) Looks like hackers have given consumers even more reason to stick with official application stores, just like I wrote back in September:
I understand the issue with being restricted to a single marketplace. I’m also worried that the who-knows-how-many dollars I’ve spent in the Kindle Store will have gone to waste when Amazon’s decision to avoid making a profit finally comes back to bite Jeff Bezos in the ass. I’m not a fan of being told where to buy something, or of the restrictions on where I can use it.
But it should be easier than ever to see why companies are able to convince consumers that their options are limited for their own benefit. Better the devil — and his marketplace — you know than the devils (and their malicious code) that you don’t. [illustration by Brad Jonas]