Apple iPhones and iPads, previously believed by users to be relatively impervious to malware, are now at risk from a major security threat.
Palo Alto Networks says it has discovered the first example of a serious piece of iOS malware, and that the so-called WireLurker virus has already infected hundreds of thousands of devices in the wild.
Not only that, but it transpires the virus can also attack Windows devices.
According to Palo Alto Networks’ research, WireLurker resides in OS X on an Apple computer, and immediately begins monitoring any iOS device (iPhone or iPad) connected to the infected system via a USB cable.
The device does not have to be jailbroken – the act of removing Apple’s restricted access to many of an iOS device’s internal systems, and which has been the greatest source of protection for devices so far – in order to be infected.
Once WireLurker gets into an iPhone or iPad, Palo Alto says it is “capable of stealing a variety of information from mobile devices it infects”, and this is said to include call logs and phonebook contents.
Palo Alto estimates that 467 applications were initially infected in China’s Maiyadi App Store – a third-party store – and that these apps were downloaded 356,104 times. The potential infection level from here is estimated in the hundreds of thousands.
WireLurker is technically the second – not the first – USB-spread iOS malware, but is the first to be able to automate generation of malicious iOS applications, through binary file replacement.
Palo Alto has also now revealed that WireLurker also exists in a Windows executable form and, though an older version, can also infect USB-connected iOS devices in the same way.
“Samples of this older variant display a user interface and are advertised as an installer for specific pirated iOS apps. Between March 13 and today these programs have been downloaded 65,213 times, with 97.7 per cent of the downloads being the Windows version. Like the latest WireLurker, this variant tries to infect jail-broken iOS devices with the WireLurker iOS malware,” said Palo Alto Networks on a blog.
Palo Alto has open sourced a project on Github that it advises those affected to consult in order to find options to remove and protect against WireLurker.