Security researchers at Palo Alto Networks say they’ve uncovered a new malware campaign targeting Macs and iOS that is the “biggest in scale” it has ever seen. Dubbed WireLurker, the malware has infected more than 400 apps in the Maiyadi App Store, a third-party Mac app store in China.
In the last six months, researchers say 467 infected applications have been downloaded 356,104 times, and “may have impacted hundreds of thousands of users.” The scary part is, the malware can be transmitted to a connected iOS device via USB, regardless of whether or not it’s jailbroken.
“WireLurker monitors any iOS device connected via USB with an infected OS X computer and installs downloaded third-party applications or automatically generated malicious apps onto the device, regardless of whether it is jailbroken. This is the reason we call it wire lurker,” researchers said.
Once WireLurker is installed on a Mac, the malware listens for a USB connection to an iOS device, and immediately infects it. From there, it is capable of collecting information such as contacts and iMessages, as well as receiving updates. It’s unclear at this point what the “ultimate goal” is here.
Palo Alto Networks recommends that users avoid downloading Mac apps and games from third-party app stores, websites and other untrusted sources. It also suggests that users avoid pairing their iOS devices with unknown computers, or charging with charges from unknown/untrusted sources.
While we have seen a handful of instances of iOS malware in recent months, this is one of the first we’ve seen infecting non-jailbroken devices.