According to a report from the security firm Palo Alto Networks, a new family of iOS malware has been discovered that uses infected OS X machines to push malicious apps onto any iPhone or iPad connected to them.
Dubbed “WireLurker”, the program was first spotted in China, where it was distributed through the Maiyadi App Store, a third-party source of applications for OS X computers.
WireLurker works much like the few earlier cases of iOS malware we have seen: it reaches the device not over the air but from an infected desktop, once the phone or tablet is plugged in via the USB port.
So far this has been the most practical route for anyone who wants to get code onto the mobile OS. iOS will only install apps that come from the App Store or that are signed with an Apple-issued certificate, and its sandboxing and update model leave few openings for an attacker arriving over Wi-Fi or cellular networks. That posture is strong rather than impenetrable, and a USB pairing with a trusted computer sidesteps it, because a trusted host is allowed to install apps on the device.
“WireLurker monitors any iOS device connected via USB with an infected OS X computer and installs downloaded third-party applications or automatically generated malicious applications onto the device, regardless of whether it is jailbroken”, said Claud Xiao of Palo Alto Networks.
“This is the reason we call it ‘wire lurker’. Researchers have demonstrated similar methods to attack non-jailbroken devices before; however, this malware combines a number of techniques to successfully realize a new brand of threat to all iOS devices.”
In earlier attacks of this kind it was relatively easy for an attentive user to spot a problem, as long as they kept track of which apps were installed on their device. The trojan had to pose as a program of its own, and a user who knew they had never installed that program could simply remove it.
What makes WireLurker different, and especially hard to detect, is that unlike its predecessors it can also infect applications that are already on the device, the ones you use every day.
Instead of a fake app that could be picked out of the line-up, any program on the phone could potentially be carrying the malicious payload, which could be used for anything from monitoring your communications to stealing sensitive data such as banking logins and financial details typed into the mobile browser.
With that level of control available to its authors, this is one of the most significant threats seen on the iOS platform to date.
Palo Alto’s whitepaper describes the effort that went into the malware: “WireLurker exhibits complex code structure, multiple component versions, file hiding, code obfuscation and customized encryption to thwart anti-reversing. In this whitepaper, we explain how WireLurker is delivered, the details of its malware progression, and specifics on its operation.”
For now the best defence is to keep the security software on your OS X system current and, until a more complete fix is in place, to avoid plugging your phone into a computer you do not fully control. Note that the host operating system is not the safeguard here: WireLurker’s installation channel is the USB pairing that iOS grants to a trusted computer, so a compromised Windows or Linux host could in principle do the same thing. The protection is to pair only with machines you trust. Three further checks are worth making: on the Mac, do not install software from third-party app stores such as Maiyadi; on the device, decline the “Trust This Computer?” prompt on unfamiliar hosts; and review Settings > General > Profiles for any enterprise provisioning profile you did not install yourself, since an app that never went through the App Store needs such a profile to run on a non-jailbroken device.
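As a concrete check on the Mac side, the following Python script is an added example written for this page; it is not code from the article or from Palo Alto Networks. It assumes the WireLurker-style pattern of persisting through a launchd job dropped into the third-party LaunchDaemons or LaunchAgents directories, and flags jobs that claim an Apple-looking label or that launch a program from a user-writable or temporary path. The sample plists, their labels and their program paths are constructed for illustration and are not real indicators.

```python
"""Triage launchd persistence on a Mac for WireLurker-style jobs (added example).

Heuristic, an assumption of this example rather than Palo Alto's detector:
Apple's own daemons ship under /System/Library/LaunchDaemons, so a job in the
third-party directories that claims a "com.apple." label, or that launches a
program from a user-writable or temporary path, is worth a closer look.
"""
import plistlib
from pathlib import Path
from typing import Dict, List

# Directories any installer (or malware running as root) can drop jobs into.
THIRD_PARTY_DIRS = ("/Library/LaunchDaemons", "/Library/LaunchAgents")

# A daemon whose program lives here is running from user or scratch space.
UNTRUSTED_PROGRAM_PREFIXES = (
    "/Users/", "/tmp/", "/private/tmp/", "/var/tmp/", "/private/var/tmp/", "/Volumes/",
)


def program_path(job: dict) -> str:
    """Executable a launchd job runs: Program, else the first ProgramArguments entry."""
    if job.get("Program"):
        return str(job["Program"])
    args = job.get("ProgramArguments") or []
    return str(args[0]) if args else ""


def triage_launchd_plist(plist_path: str, data: bytes) -> List[str]:
    """Return the reasons a launchd plist deserves review; an empty list means nothing odd."""
    try:
        job = plistlib.loads(data)
    except Exception as exc:  # a live job file that will not parse is itself suspicious
        return [f"unparseable plist: {exc}"]
    label = str(job.get("Label", ""))
    prog = program_path(job)
    reasons: List[str] = []
    if any(plist_path.startswith(d + "/") for d in THIRD_PARTY_DIRS) and label.startswith("com.apple."):
        reasons.append(f"Apple-style label {label!r} in a third-party launchd directory")
    if prog.startswith(UNTRUSTED_PROGRAM_PREFIXES):
        reasons.append(f"program runs from user or temp path: {prog}")
    elif prog and not prog.startswith("/"):
        reasons.append(f"relative program path: {prog}")
    if label and Path(plist_path).stem != label:
        reasons.append(f"file name {Path(plist_path).name!r} does not match Label {label!r}")
    return reasons


def triage_mac(root: str = "/") -> Dict[str, List[str]]:
    """Walk the third-party launchd directories under root; map flagged paths to reasons."""
    findings: Dict[str, List[str]] = {}
    for d in THIRD_PARTY_DIRS:
        for p in Path(root, d.lstrip("/")).glob("*.plist"):
            logical = "/" + p.relative_to(root).as_posix()
            reasons = triage_launchd_plist(logical, p.read_bytes())
            if reasons:
                findings[logical] = reasons
    return findings


# Constructed samples for a dry run; the labels and paths are invented, not real indicators.
SUSPICIOUS_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
  <key>Label</key><string>com.apple.example.updater</string>
  <key>ProgramArguments</key>
  <array><string>/Users/Shared/updater.sh</string></array>
  <key>RunAtLoad</key><true/>
  <key>KeepAlive</key><true/>
</dict>
</plist>
"""

BENIGN_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>Label</key><string>org.example.backup</string>
  <key>Program</key><string>/usr/local/bin/backup-agent</string>
  <key>StartInterval</key><integer>3600</integer>
</dict>
</plist>
"""

if __name__ == "__main__":
    for path, blob in (("/Library/LaunchDaemons/com.apple.example.updater.plist", SUSPICIOUS_PLIST),
                       ("/Library/LaunchDaemons/org.example.backup.plist", BENIGN_PLIST)):
        print(path, "->", triage_launchd_plist(path, blob) or "clean")
    for path, reasons in triage_mac().items():  # real walk; needs read access to the directories
        print(path, "->", reasons)
```

Run it with python3 on the Mac to walk /Library/LaunchDaemons and /Library/LaunchAgents. It is a hunting heuristic, not a signature: some legitimate Apple and third-party software does install jobs with com.apple. labels in those directories, so treat a hit as a lead and follow up by checking the program’s signature with codesign -dv and working out what installed it.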