iOS malware discovered on unofficial Chinese download sites
10 November 2014
Alert Priority Low
Researchers have discovered malware that affects Apple iOS devices such as iPhones and iPads connected via USB to an infected Mac OS X computer.
WireLurker, as it is called, is one of only a few examples of malware that has been able to effectively target iOS devices. As a result, it has received significant media coverage. Apple has blocked apps identified as carrying the malware, and so far the malware has been limited to fake apps on a third-party download site for Chinese users that is known to host pirated software.
Although this is unlikely to affect Australian iOS users, it is a reminder that downloading pirated apps or software from untrusted sources is risky. It is also a reminder about the increasing attention Apple products receive from attackers.
WireLurker is a form of malware called a Trojan, which can infect desktop or laptop computers if a fake app, hosted on the Chinese site, is downloaded. It then attempts to target and infect any iOS device connected to the computer via USB.
Malicious versions of well-known apps included Angry Birds, The Sims 3, International Snooker 2012, International Soccer 2014, Spider 3 and Bejeweled 3.
Once installed on your computer, the malware waits for you to connect your iPad or iPhone, then copies itself (or automatically generates malicious apps) onto your device. The malware can attempt to read your device’s serial number, phone number or other identifying information and send it to a remote server controlled by the criminals.
If your device is jailbroken (modified to enable unofficial apps to be installed), other parts of the malware are installed and may attempt to extract information such as your message history, files, and address book.
An older strain of WireLurker, which targeted devices connected to Windows computers, has also been identified. The Windows version is less effective than the Mac OS X version and has had very limited impact.
Apple has blocked these malicious apps, and most antivirus vendors have updated their products to address WireLurker malware. There is a very limited possibility of being affected by this malware.
Do not download software or apps from untrusted sources. Sticking with Apple’s App Store helps protect against downloading malicious software.
Use security software for your computer and devices.
Keep your system up-to-date.
Do not jailbreak your device.
Do not connect or pair your device with untrusted computers.
Stay Smart Online contains more information on securing your mobile phone and other devices.
The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.
This information has been prepared by Enex TestLab for the Department of Communications ('the Department'). It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.