"WireLurker is unlike anything we’ve ever seen in terms of Apple iOS and OS X malware.”
These were the words of Ryan Olson, intelligence director of Palo Alto Networks' security team Unit 42, as the company revealed the most significant malware threat to iOS ever uncovered.
The security industry is no stranger to exaggeration, but the fact that the mobile malware boom which has blighted Android for many years now appears to have breached Apple’s iOS platform is certainly notable.
Apple’s closed-wall approach to iOS, which means that every app is vetted before it is made available, has been called one of the largest successes by the security community.
This has meant that, despite its huge popularity, and therefore interest to cyber criminals, iOS has remained free from mobile scams, leaving people at liberty to use their device without worry. It has also helped to reassure many IT teams about iOS use in the enterprise.
All this appears to have changed with the discovery of WireLurker. Yet, it’s not the fault of iOS, but of its desktop stable mate, Mac OS X.
Mac OS proves the weak link
Palo Alto Network’s discovery revealed that the WireLurker malware had been injected into 467 OS X applications offered via a third-party website hosted in China called Maiyadi App Store.
These 467 infected applications were downloaded over 356,104 times in the past six months. The real problem, though, is that once on Mac OS X machines the WireLurker malware is able to ‘jump’ to iOS devices.
“WireLurker monitors any iOS device connected via USB with an infected OS X computer and installs downloaded third-party applications or automatically generated malicious applications onto the device, regardless of whether it is jailbroken," said Palo Alto Networks in its report.
It’s not clear who is behind the malware, or for what purpose it has been created, but whoever it is clearly knows their onions.
“WireLurker exhibits complex code structure, multiple component versions, file hiding, code obfuscation and customised encryption to thwart anti-reversing,” noted Palo Alto Networks.
"WireLurker is capable of stealing a variety of information from the mobile devices it infects and regularly requests updates from the attacker's command and control server. This malware is under active development and its creator’s ultimate goal is not yet clear.”
Apple has reacted by blocking the apps identified as containing the malware from launching on its devices. The firm also urged Mac users to avoid using third-party apps stores, something that its iOS platform does not suffer from.
Mobile the holy grail
For Apple, though, there will undoubtedly be concerns that crooks have found a way to breach iOS.
Kevin Mahaffey, co-founder and chief technology officer of mobile security firm Lookout, said this proved that mobile is the holy grail for cyber criminals.
“What's interesting here is that malware attacked a PC in order to gain access to a mobile device, not to attack the PC. It's yet another sign that mobile is becoming the dominant computing platform,” he said.
Apple is also a victim of its own success. As the company has grown in China to become one of the most popular mobile firms in the country, it has inevitably generated more interest from hackers, as Mahaffey noted.
“Historically, attackers have focused their efforts on Android, given its popularity. Now, as the number of iOS devices has grown, especially in geographies where malware tends to originate, iPhones and iPads have become attractive attack targets as well,” he said.
David Emm, principal security researcher at Kaspersky, suggested that the WireLurker discovery should be a wake up call to IT teams that they should give as much thought to iOS as they do any other operating system.
"I think it’s important to include all platforms used in the enterprise within the corporate security strategy, rather than assuming that one or other of them may be immune to attack," he told V3. "This includes iOS."
In light of all these new threats, iPhone users are being given advice on avoiding malware, something that many will never have had to consider before.
Palo Alto Networks said the key is to avoid downloading any third-party Mac OS X software, never pair iOS devices with unknown computers and other devices, and even to avoid using unknown chargers and cables.
The challenge for Apple will be to ensure that this new discovery doesn't open the floodgates to malware and other nasty threats to the iOS platform.
Failing to do this could leave iOS just as vulnerable as Android, leaving most of the smartphone world at risk from mobile mobsters.
V3 looks at how the world's most popular programming languages have evolved over the last 50 years - from Fortran to Swift
IBM software case reminiscent of TSMC trade secrets theft claim
iPhone 8 specs, release date, price, features, basically everything! But will it have a curved display?
CISO pay boom as security become a boardroom concern