Apple released a statement today saying that it is aware of the newly discovered WireLurker malware that targets Macs and iOS devices, and it has taken action. “We’ve blocked the identified apps to prevent them from launching,” a spokesman for the company told the Wall Street Journal.
Yesterday security researchers at Palo Alto Networks published a report saying they had discovered a new malware targeting Macs and iOS that is the “biggest in scale” it has ever seen. They named the malware “WireLurker” for its ability to jump from infected Macs to iOS devices over USB.
The bug itself is pretty interesting, as it sits on a Mac and listens for iOS devices connecting via USB. Once one has connected, it has the ability to install potentially malicious third-party applications on the device, regardless of whether or not it is jailbroken—making it one of the first of its kind.
Researchers say 467 infected apps have been downloaded over 350,000 times in the last 6 months, impacting “hundreds of thousands of users.” The issue has thus far been mostly contained to the Maiyadi App Store, a third-party Mac app store in China that offers pirated games and software.
While many publications have dubbed WireLurker “a new brand of threat,” it seems that the majority of users have nothing to worry about. It’s contained, Apple is aware of it, and it relies on a USB connection for delivery—a practice that has gone by the wayside for most folks in recent years.
If you’re truly worried about it, Palo Alto Networks recommends that you stay away from third-party app stores, websites and other untrusted sources. It also suggests that users avoid pairing their iOS devices with unknown computers, or charging with chargers from unknown/untrusted sources.