For a long time, Apple products have benefited from being unpopular. When compared to their Windows PC counterparts, iMacs and Macbooks make up only a sliver of global computers (~4%). It makes sense, then, that Windows computers are the target of hackers far more frequently, requiring Windows users to use round-the-clock antivirus solutions. Unfortunately, as Apple products become more popular, this “security through obscurity” approach is showing some cracks. Sure, both OSX and iOS have baked-in features that might make them more secure than Windows, but no computer security holds up for long against enterprising minds when there’s money to be made.
Enter Wirelurker. As reported today by PaloAlto Networks, Wirelurker is a nasty piece of malware currently targeting Chinese Apple users. Wirelurker will find its way into OSX if the user downloads infected software or, more worryingly, if the user plugs in an infected USB drive. More worryingly, Wirelurker can infect an iPhone if it gets plugged into an infected computer, allowing that iPhone to infect other computers it comes in contact with.
For American Apple users, those no immediate threat since the source vector is restricted to Chinese users. Chinese OSX and iOS users are at risk because they commonly “sideload” software onto their Apple products using a Chinese specific AppStore, the Maiyadi App Store. According to PaloAlto, Wirelurker has infected 467 Apps on the Maiyadi App Store and these Apps have been downloaded more than 356,000 times. Wirelurker can even infect through counterfeit mag-safe chargers. With a disease that can spread this easily, global users are at risk of infection. Wirelurker won’t rest in China for long.
Wirelurker is the first of its kind in a number of alarming ways. It’s the first to “trojanize” downloadable applications by replacing their binaries with an infected version. It’s the first to infect already installed, previously safe applications. And it’s the first malware that can install 3rd party applications on non-jailbroken devices. Once infected, Wirelurker can potentially read your sensitive data, including contacts. Not one to rest on its laurels, Wirelurker is regularly uses your internet connection to send data to its motherbase, as well as receive code updates. Yikes.
This is the largest scale infection every reported by PaloAlto Networks. Although the virus has infected hundreds of thousands of users, pumping constant data to the developer’s, their end game is still unknown. The infectivity of WireLurker is unparalleled and, although Chinese users are the primary target, it’s hard to imagine it staying that contained for long.
To try to protect yourself from Wirelurker and other emerging OSX threats, there are a few simple things you can do:
- Use an antivirus and keep it up to date.
- Do not download applications from 3rd party sources.
- Only get your goodies from the AppStore.
- Keep iOS (for portables) and OSX (for Macbooks and iMacs) up to date.
- Do not pair your device with untrusted networks or unknown accessories.
- Do not jailbreak your iOS device. If you do jailbreak, research before you install anything.
If your Apple product already has malware, is running sluggishly, or needs to be updated schedule an in-home visit with Poindexter. Don’t leave your prized Apple product to the wolves – call or schedule a professional consultation today!