Apple earned its sterling reputation for device security in part because iOS hadn't been hacked by malware. However, the company's reputation recently took a hit when a new strain of malware called "WireLurker" found an ingenious way into the Apple OS.
Palo Alto Network's research center reports that WireLurker is the first in-the-wild malware that's been able break through Apple's security and install third-party apps on iOS devices. Does this mean that Apple's security reputation has bit the dust? Not quite.
As it turns out, this malware has only spread through the Maiyadi App Store, a third-party (not approved by Apple) site in China. None of Apple's approved app stores have posted this malware, which means that the average user who sticks to secure sites is still safe.
But that isn't to say that WireLurker is a small threat. Over 300,000 users have downloaded infected applications from the Maiyadi site.
The significance of WireLurker malware is how novel its approach to hacking users is. To understand this new threat (and why it might be a harbinger of future attacks), let's take a closer look at how it works.
Mobile Malware Watch: How WireLurker Works
WireLurker spreads to a device when a user attaches their device via USB to an infected computer. In order for one of your clients to be infected, they would need to download an infected app from a third-party site. Once this app is on their computer, it can spread to mobile devices attached via USB.
After WireLurker has spread to an iPhone or iPad, the real damage begins. The malware can download apps and begin stealing data from the user's phone, potentially leading to a data breach.
Security experts are exploring...
- How many computers WireLurker has compromised. It's hard to say. One way to judge the size of a malware attack is to see how much data has been stolen.
- What the authors of WireLurker are waiting for. They've been silent and haven't actually initiated a significant amount of data theft.
Cyber criminals know that the minute they start to steal data, security researchers will follow their trail. Hackers often prefer to slowly spread malware, waiting until the time is right to strike and harvest a bunch of data at once.
Takeaways: What WireLurker Malware Teaches IT Consultants
A program or platform is only secure until it is hacked. Given enough time, cyber criminals will find ways past security, including sneaking in through USB connections. This malware outbreak – though limited to Chinese app downloads – offers important reminders for IT consultants and their clients, including these five takeaways:
- Don't trust third-party app sites.
- Pirated software and spoof apps come with serious risk.
- We might see new USB-based attacks that are extremely hard to quarantine (for more on USB hacks, read the post, "'BadUSB' Code Reminds Us All to Stay Paranoid").
- Keeping iOS software up-to-date can prevent the spread of malware.
- Don't pair devices with untrusted computers or use public charging stations.
The WireLurker malware serves as an important reminder that nothing is permanently safe and threats are always evolving. Awareness of security risks is the best defense against malware and hacking.
