Hackers are targeting Apple mobile and desktop users with malicious software in order to damage or steal information, a Silicon Valley security company said Wednesday. The malware has been targeting iPhones running iOS for the past six months.
Palo Alto Networks, the company that discovered the attack, nicknamed the hacking campaign “Wirelurker” and called it “the biggest in scale we have ever seen” against Apple mobile and desktop users. Wirelurker has infected over 450 apps that are sold through a third-party iPhone application store in China called the Maiyadi App Store. The infected apps have been downloaded over 356,104 times in the last six months, Palo Alto Networks said, and “may have impacted hundreds of thousands of users.”
Why it might not be the end of the world. Wirelurker originates on apps downloaded through the third-party Maiyadi app store. You have to “jailbreak” your phone in order to allow it access to third-party app stores. Here’s the rub: Most Apple users simply download apps from the official App Store. So if you’re just doing your thing and downloading apps through Apple, you’ve greatly reduced your exposure to Wirelurker and other malware in general.
Why it actually might be the end of the world. Wirelurker is sophisticated, and once it infects a phone, it can travel to uninfected phones through desktop computers. When someone connects an infected iPhone to a computer running OS X via a USB cord, Wirelurker installs itself on the Mac. Then it listens for a USB connection to another iOS device and immediately infects that new device. So even if you’re not using apps from third-party stores, you can still catch Wirelurker that way.
Moreover, it’s not unusual for iPhone users to jailbreak their phones to use third-party app stores. For people who want access to a greater array of apps that might be unavailable through Apple, jailbreaking is an enticing alternative — but you’d know if you have a jailbroken phone.
What Wirelurker actually does. Palo Alto Networks says the “creator’s ultimate goal is not yet clear,” but the New York Times reports that the malware can be used to steal a victim’s address book, read iMessage messages and regularly connect to the attackers’ command-and-control server, which could potentially let them control infected iPhones from afar.
What you can do to avoid it. First, avoid using third-party app stores, download sites or other untrusted sources to download applications or games. That’s where Wirelurker originates.
Second, don’t connect your phone to an untrusted computer, like one at your school or library. If you’re connecting your iPhone to a Mac to either charge it or share data, and that Mac has been exposed to Wirelurker, you could risk infecting your phone. Stick to known computers only — if you need to charge your phone, plug it into an outlet instead.