Thursday, November 6, 2014

OS X and iOS Malware is Finally Here!

While Macs have a reputation for being secure by default and impossible to infect, that myth may have just been busted.

Palo Alto Networks has publicly released evidence of a new family of malware called WireLurker that threatens the integrity of iOS and OS X devices. According to the company, a young California-based security firm founded in 2005, this is the largest-scale attack on OS X to date through trojan-infected applications. The first evidence of the malware dates from May 2014.

In order for the WireLurker malware to be effective, both an iOS device (iPhone, iPad) and an OS X device (Macintosh) must be present.

All 467 of the trojanized applications come from Maiyadi, a third-party Mac application store based in China. Across those applications there were a total of 356,104 downloads.

The WireLurker malware can install third-party iPhone and iPad apps that are not available in Apple's App Store onto iOS devices. Normally only jailbroken devices can install such apps, but if an OS X computer has one of the 467 infected Mac apps, the malware spreads laterally to iDevices over a USB connection (hence the name WireLurker). Once installed, "WireLurker is capable of stealing a variety of information from the mobile devices it infects."

Palo Alto Networks has not been able to determine the malware authors' ultimate goal; at this point it appears to be collecting zombies for a botnet controlled by a command and control (C2) server.

In the past, Apple has removed malware-infested apps from the App Store immediately after their discovery. This means that WireLurker is currently the only known malware for Apple's mobile devices. The best way to be proactive about securing your devices is to avoid downloading apps from the Maiyadi app store and to stay tuned for the latest security patches for both iOS and OS X.
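A defender-side check that follows from the advice above, added here as an example (it is not from the original post or from Palo Alto Networks): a shell script that asks Gatekeeper, through the macOS `spctl` tool, where each app bundle in /Applications came from and lists the ones that did not come from the Mac App Store, so trojanized third-party-store apps can be reviewed by hand. It parses the `accepted`/`rejected` verdict line and the `source=...` line that `spctl --assess --verbose` prints; the exact source strings it matches are assumed.

```shell
#!/bin/sh
# Added example, not the original post's code. Assumes spctl prints a verdict
# line ("<path>: accepted" or "<path>: rejected") followed by "source=...".

# classify_assessment: read one spctl --assess --verbose result on stdin and
# print a one-word classification:
#   appstore  - accepted, source=Mac App Store
#   devid     - accepted, signed with a (possibly notarized) Developer ID
#   other     - accepted for some other reason (e.g. an explicit user allow)
#   rejected  - Gatekeeper would not let the app run at all
classify_assessment() {
  verdict=other
  while IFS= read -r line; do
    case "$line" in
      *": rejected"*) verdict=rejected ;;
      "source=Mac App Store")
        if [ "$verdict" = other ]; then verdict=appstore; fi ;;
      "source="*"Developer ID")
        if [ "$verdict" = other ]; then verdict=devid; fi ;;
    esac
  done
  printf '%s\n' "$verdict"
}

# audit_apps DIR: assess every .app bundle directly under DIR (default
# /Applications) and print "<class><TAB><path>" for each one that is not
# from the Mac App Store. Returns 2 when spctl is unavailable (not macOS).
audit_apps() {
  dir=${1:-/Applications}
  if ! command -v spctl >/dev/null 2>&1; then
    echo "spctl not found; this audit only runs on macOS" >&2
    return 2
  fi
  for app in "$dir"/*.app; do
    [ -d "$app" ] || continue
    # spctl writes its verdict to stdout and details to stderr; merge them.
    kind=$(spctl --assess --type execute --verbose "$app" 2>&1 | classify_assessment)
    if [ "$kind" != appstore ]; then
      printf '%s\t%s\n' "$kind" "$app"
    fi
  done
}
```

Run `audit_apps` on a Mac to get the review list; anything reported as `rejected` or `other` deserves a closer look, and `devid` apps should at least be ones you knowingly installed from outside the App Store.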

You can read the official press release by Palo Alto Networks here, or download the full report here.