New OS X and iOS malware exhibits unique capabilities
10 November 2014 | 0
A new family of Apple OS X and iOS malware exhibiting characteristics unseen in any previously documented threats targeting Apple platforms has been discovered by Palo Alto Networks.
This new family, dubbed ‘WireLurker’, marks a new era in malware, say the discoverers, across Apple’s desktop and mobile platforms, representing a potential threat to businesses, governments and Apple customers worldwide.
According to Palo Alto Networks WireLurker represents the first known malware family that can infect installed iOS applications similar to how a traditional virus would. It is the first ‘in-the-wild’ malware family that can install third-party applications on non-jailbroken iOS devices through enterprise provisioning.
Furthermore, it is reported to be only the second known malware family that attacks iOS devices through OS X via USB. It is also the first malware family to automate generation of malicious iOS applications through binary file replacement.
“WireLurker is unlike anything we’ve ever seen in terms of Apple iOS and OS X malware,” said Ryan Olson, intelligence director, Unit 42, Palo Alto Networks. “The techniques in use suggest that bad actors are getting more sophisticated when it comes to exploiting some of the world’s best-known desktop and mobile platforms. As such we have provided full protection to Palo Alto Networks customers and published a detailed report so others can assess the risk and take appropriate measures to protect themselves.”
The WireLurker malware was discovered by Claud Xiao of Unit 42, the Palo Alto Networks threat intelligence team, and detailed in a report entitled, “WireLurker: A New Era in OS X and iOS Malware.”
Following its initial observation in the wild in June by a developer at Tencent, Palo Alto Networks researchers have determined WireLurker’s potential impact, assessed the methods available to prevent, detect, contain and remediate the threat, and detailed the protections available for Palo Alto Networks customers.
Palo Alto Networks has released signatures to detect all WireLurker Command and Control communication traffic. It is recommended that customers using OS X or iOS devices deploy a strict policy for blocking WireLurker traffic using the Palo Alto Networks enterprise security platform. A full list of system recommendations, remediation techniques and best practices is included in the WireLurker report.