Menu
WireLurker attacks against iOS devices also launched from Windows PCs

WireLurker attacks against iOS devices also launched from Windows PCs

Researchers find Windows applications designed to infect iOS devices with an older WireLurker malware variant

Attackers have used rogue applications for both OS X and Windows to infect iPhones and iPads in China with a malware program that steals contact information and other private data.

Researchers from Palo Alto Networks recently reported that the malware, dubbed WireLurker, was being installed on both jailbroken and non-jailbroken iOS devices when those devices were connected to Mac OS X systems that were running trojanized applications.

The researchers initially found that 467 OS X applications on a Chinese third-party Mac application store called Maiyadi had been modified and repackaged to push WireLurker onto iOS devices. Since then, they have also found 180 Windows applications designed to infect iOS devices connected to Windows PCs with an older variant of WireLurker.

The WireLurker-carrying Windows programs were hosted, together with 67 similar OS X apps, under an account on a cloud storage service run by Chinese Internet company Baidu. The applications were uploaded in March and were advertised as installers for popular iOS apps such as Facebook, WhatsApp, Twitter, Instagram, Minecraft, Flappy Bird and others.

"Between March 13 and today these programs have been downloaded 65,213 times, with 97.7 percent of the downloads being the Windows version," the Palo Alto Networks researchers said in a blog post Thursday.

Each of the Windows executable files had two IPA (iOS application archive) files bundled inside. One was the pirated version of the legitimate iOS app promised to users and the other was the WireLurker malware, the researchers said.

It seems that this older attack was not as successful as the latest one and only targeted jailbroken iOS devices. When executed, the Windows or OS X applications displayed a graphical interface that asked users to install iTunes and then connect their iOS devices to the computer. Users then had to click the install button when ready.

The Palo Alto Networks researchers ran tests with an iPhone 5s running iOS 7.1 and a 3rd-generation iPad running iOS 6 -- both jailbroken -- and found that the installer apps crashed or reported successful installations when no apps were installed on the iOS devices.

"We believe this failure was caused by poor coding quality and incompatibility between the malware and the iOS device, but the malware code does attempt the installation," the researchers said.

One interesting aspect of the attack is that the older WireLurker variant had binary code for three different architectures: 32-bit ARMv7, 32-bit ARMv7s and 64-bit ARM64.

"As far as we know, this is the first iOS malware that attacks the ARM64 architecture," the Palo Alto Networks researchers said.

Regardless of how successful this older attack was, it serves as a reminder that WireLurker-style infections can originate from any computer that iOS devices connect to, not just Macs. This is something that security researchers have warned about before.

Since the original report earlier this week, Apple said that it has taken action to block the malicious apps from launching.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags malwaremobile securityApplespywarepalo alto networks

Featured

Slideshows

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

EDGE 2018: Kiwis kick back with Super Rugby before NZ session

New Zealanders kick-started EDGE 2018 with a bout of Super Rugby before a dedicated New Zealand session, in front of more than 50 partners, vendors and distributors on Hamilton Island.​

EDGE 2018: Kiwis kick back with Super Rugby before NZ session
EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018: Kiwis assess key customer priorities through NZ research

EDGE 2018 kicked off with a dedicated New Zealand track, highlighting the key customer priorities across the local market, in association with Dell EMC. Delivered through EDGE Research - leveraging Kiwi data through Tech Research Asia - more than 50 partners, vendors and distributors combined during an interactive session to assess the changing spending patterns of the end-user and the subsequent impact to the channel.

EDGE 2018: Kiwis assess key customer priorities through NZ research
Show Comments