Menu
WireLurker attacks against iOS devices also launched from Windows PCs

WireLurker attacks against iOS devices also launched from Windows PCs

Researchers find Windows applications designed to infect iOS devices with an older WireLurker malware variant

Attackers have used rogue applications for both OS X and Windows to infect iPhones and iPads in China with a malware program that steals contact information and other private data.

Researchers from Palo Alto Networks recently reported that the malware, dubbed WireLurker, was being installed on both jailbroken and non-jailbroken iOS devices when those devices were connected to Mac OS X systems that were running trojanized applications.

The researchers initially found that 467 OS X applications on a Chinese third-party Mac application store called Maiyadi had been modified and repackaged to push WireLurker onto iOS devices. Since then, they have also found 180 Windows applications designed to infect iOS devices connected to Windows PCs with an older variant of WireLurker.

The WireLurker-carrying Windows programs were hosted, together with 67 similar OS X apps, under an account on a cloud storage service run by Chinese Internet company Baidu. The applications were uploaded in March and were advertised as installers for popular iOS apps such as Facebook, WhatsApp, Twitter, Instagram, Minecraft, Flappy Bird and others.

"Between March 13 and today these programs have been downloaded 65,213 times, with 97.7 percent of the downloads being the Windows version," the Palo Alto Networks researchers said in a blog post Thursday.

Each of the Windows executable files had two IPA (iOS application archive) files bundled inside. One was the pirated version of the legitimate iOS app promised to users and the other was the WireLurker malware, the researchers said.

It seems that this older attack was not as successful as the latest one and only targeted jailbroken iOS devices. When executed, the Windows or OS X applications displayed a graphical interface that asked users to install iTunes and then connect their iOS devices to the computer. Users then had to click the install button when ready.

The Palo Alto Networks researchers ran tests with an iPhone 5s running iOS 7.1 and a 3rd-generation iPad running iOS 6 -- both jailbroken -- and found that the installer apps crashed or reported successful installations when no apps were installed on the iOS devices.

"We believe this failure was caused by poor coding quality and incompatibility between the malware and the iOS device, but the malware code does attempt the installation," the researchers said.

One interesting aspect of the attack is that the older WireLurker variant had binary code for three different architectures: 32-bit ARMv7, 32-bit ARMv7s and 64-bit ARM64.

"As far as we know, this is the first iOS malware that attacks the ARM64 architecture," the Palo Alto Networks researchers said.

Regardless of how successful this older attack was, it serves as a reminder that WireLurker-style infections can originate from any computer that iOS devices connect to, not just Macs. This is something that security researchers have warned about before.

Since the original report earlier this week, Apple said that it has taken action to block the malicious apps from launching.

Subscribe here for up-to-date channel news

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags palo alto networksApplesecuritymobile securityspywaremalware

Featured

Slideshows

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

​Ingram Micro’s Hooked on Lenovo incentive programme recently rewarded 28 of New Zealand's top performing resellers with a full-on fishing trip at Great Barrier Island for the third year​ in a row.

Tight lines as Hooked on Lenovo catches up at Great Barrier Island
Inside the AWS Summit in Sydney

Inside the AWS Summit in Sydney

As the dust settles on the 2017 AWS Summit in Sydney, ARN looks back an action packed two-day event, covering global keynote presentations, 80 breakout sessions on the latest technology solutions, and channel focused tracks involving local cloud stories and insights.

Inside the AWS Summit in Sydney
Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Ingram Micro hosted its third annual Cure Kids Charity Golf Tournament at the North Shore Golf Club in Auckland. In total, 131 resellers, vendors and Ingram Micro suppliers enjoyed a round of golf consisting of challenges on each of the 18 sponsored holes, with Team Philips taking out the top honours.

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day
Show Comments