Slashdot Mirror


WireLurker Mac OS X Malware Found, Shut Down

msm1267 writes WireLurker is no more. After causing an overnight sensation, the newly disclosed family of Apple Mac OS X malware capable of also infecting iOS devices has been put to rest. Researchers at Palo Alto Networks confirmed this morning that the command and control infrastructure supporting WireLurker has been shut down and Apple has revoked a legitimate digital certificate used to sign WireLurker code and allow it to infect non-jailbroken iOS devices.

Researchers at Palo Alto Networks discovered and dubbed the threat WireLurker because it spreads from infected OS X computers to iOS once the mobile device is connected to a Mac via USB. The malware analyzes the connected iOS device looking for a number of popular applications in China, namely the Meitu photo app, the Taobao online auction app, or the AliPay payment application. If any of those are found on the iOS device, WireLurker extracts it and replaces it with a Trojanized version of the same app repackaged with malware.

Patient zero is a Chinese third-party app store called Maiyadi known for hosting pirated apps for both platforms. To date, Palo Alto researchers said, 467 infected OS X apps have been found on Maiyadi and those apps have been downloaded more than 350,000 times as of Oct. 16 by more than 100,000 users.

3 of 59 comments

  1. Re:Now by Anonymous Coward · Score: 0, Insightful

    You mean jailbroken iOS devices downloading pirated software from a dodgy store?

    Non-jailbroken devices that don't have this store available are immune to this, as this malware isn't coming from Apple's store.

  2. Re:Now by the+computer+guy+nex · Score: 4, Insightful

    "RTFA, please. This didn’t require jailbreaking to infect the phone."

    Non-jailbroken phones were never 'infected.' WireLurker simply loaded a harmless comic book app on non-jailbroken devices. Since WireLurker didn't jailbreak your device, it was limited to the iOS sandbox.

    This wasn't even malware for non-jailbreak devices. The user was prompted to install an enterprise app, and had the ability to allow/deny. The app itself was harmless. The only malware was for jailbroken devices.
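The comment above turns on the enterprise-distribution prompt: a non-jailbroken device only ran the WireLurker payload because it was signed under an enterprise provisioning profile and the user accepted it. A defender triaging devices after a story like this wants to know which installed apps came in that way. The following Python is an added example (not code from the article, Palo Alto Networks or Apple) that pulls the XML plist out of an app's embedded.mobileprovision and flags enterprise-distributed profiles whose TeamName is not on the organisation's own allowlist, or which have already expired. The sample profile, the team names and the allowlist are constructed for the example; the plist-boundary search is a common shortcut that avoids a full CMS parser and does not verify the profile's signature or check certificate revocation.

```python
import plistlib
from datetime import datetime

# Constructed sample: a real .mobileprovision is a CMS (PKCS#7) DER blob with the
# XML plist embedded in it. Here dummy bytes stand in for the DER framing and
# every value (team, bundle id, date) is invented for the example.
SAMPLE_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Name</key><string>Example Enterprise Profile</string>
    <key>TeamName</key><string>Example Corp (constructed)</string>
    <key>TeamIdentifier</key><array><string>ABCDE12345</string></array>
    <key>ProvisionsAllDevices</key><true/>
    <key>ExpirationDate</key><date>2015-11-01T00:00:00Z</date>
    <key>Entitlements</key>
    <dict>
        <key>application-identifier</key><string>ABCDE12345.com.example.comic</string>
        <key>get-task-allow</key><false/>
    </dict>
</dict>
</plist>
"""
SAMPLE_MOBILEPROVISION = b"\x30\x82\x01\x00" + b"\x00" * 32 + SAMPLE_PLIST + b"\x00" * 16


def extract_plist(blob: bytes) -> dict:
    """Locate the XML plist inside the CMS blob and parse it.

    This is the quick-and-dirty approach: find the first '<?xml' and the
    closing '</plist>' and hand that slice to plistlib. It reads the
    profile's claims but does NOT check the CMS signature over them.
    """
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>")
    if start < 0 or end < 0:
        raise ValueError("no embedded plist found in profile")
    return plistlib.loads(blob[start:end + len(b"</plist>")])


def assess_profile(profile: dict, now: datetime, trusted_teams: set) -> dict:
    """Classify a provisioning profile and decide whether it deserves a look.

    ProvisionsAllDevices is what makes a profile 'enterprise': the app can be
    installed on any device without Apple's App Store review, which is the
    path WireLurker used on non-jailbroken phones. ProvisionedDevices marks
    ad-hoc or development profiles tied to listed UDIDs.
    """
    enterprise = bool(profile.get("ProvisionsAllDevices", False))
    devices = profile.get("ProvisionedDevices", [])
    if enterprise:
        distribution = "enterprise"
    elif devices:
        distribution = "ad-hoc/development"
    else:
        distribution = "app-store"

    expires = profile.get("ExpirationDate")  # plistlib returns a naive UTC datetime
    expired = expires is not None and expires < now
    team = profile.get("TeamName", "<unknown>")

    reasons = []
    if expired:
        reasons.append("profile expired on %s" % expires.date())
    if enterprise and team not in trusted_teams:
        reasons.append("enterprise profile from team not on allowlist: %s" % team)

    return {
        "name": profile.get("Name"),
        "team": team,
        "distribution": distribution,
        "expired": expired,
        "flag": bool(reasons),
        "reasons": reasons,
    }


def run_demo() -> tuple:
    """Assess the constructed profile under three different conditions."""
    profile = extract_plist(SAMPLE_MOBILEPROVISION)
    before_expiry = datetime(2015, 10, 1)   # constructed 'now' values
    after_expiry = datetime(2015, 12, 1)
    own_team = {"Example Corp (constructed)"}
    untrusted = assess_profile(profile, before_expiry, trusted_teams=set())
    trusted = assess_profile(profile, before_expiry, trusted_teams=own_team)
    expired = assess_profile(profile, after_expiry, trusted_teams=own_team)
    return untrusted, trusted, expired


if __name__ == "__main__":
    for report in run_demo():
        print(report)
```

To use this against a real device backup or an unpacked .ipa, read `Payload/<App>.app/embedded.mobileprovision` as bytes and pass it to `extract_plist`. Note that a revoked certificate, which is how Apple actually shut WireLurker down, is not visible in the plist at all: detecting revocation means extracting the signer certificate from the CMS structure and checking it against Apple's OCSP responder, which this example deliberately leaves out.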

  3. What happened to compromise the cert? by gweihir · Score: 1, Insightful

    Really, the story here is that the malware was signed by a valid certificate. This basically means the certificate system is worthless. That is a far bigger threat than any single malware.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.