Unlike Android, iOS, the software that powers our iPhones, iPads and iPod touch, has been safe from malware. The only malware that we have seen affecting Apple’s mobile devices over the past few years targeted jailbroken devices, which are naturally more vulnerable. That changed recently when new malware called WireLurker was discovered. In a report, Palo Alto Networks says that the malware has already affected thousands of users.
The malware is reportedly spreading from a third-party Chinese app store for Mac called Maiyadi. It is hidden within apps and transfers to the computer when one of those apps is downloaded. WireLurker then uses the USB connection between the Mac and an iPhone or iPad to transfer itself to that device. Interestingly, it is capable of spreading to stock iOS devices, which do not need to be jailbroken to be affected. The malware rewrites the existing programs on the device through binary file replacement.
WireLurker uses the enterprise provisioning system, which is meant to let large organizations deploy private apps that are not available through the App Store on company devices.
Once WireLurker has gained access to a non-jailbroken iOS device, it downloads a comic book app onto it that is not harmful to the user. Researchers believe that this is done for testing purposes and that the malware will download malicious content later.
On jailbroken devices it’s a different story altogether: instead of downloading the harmless comic book app, the malware rewrites apps such as AliPay and TaoBao to steal users’ payment information.
Palo Alto Networks has developed software that lets you check whether your devices are affected by WireLurker. They have also advised users against accessing non-official app stores on their Macs.