New malware targeting Apple products is mostly affecting Chinese users, warned an online security researcher.
US-based Palo Alto Networks said WireLurker, which is infecting Apple's desktop and mobile operating systems, appears to have originated in China and is mostly infecting devices there.
The malware spreads through apps uploaded from a third-party store and can steal information.
More than 400 infected apps have been downloaded over 350,000 times, it said.
"WireLurker is unlike anything we've ever seen in terms of Apple iOS and OS X malware," said Ryan Olson, the company's intelligence director.
"The techniques in use suggest that bad actors are getting more sophisticated when it comes to exploiting some of the world's best-known desktop and mobile platforms."
WireLurker has the ability to transfer from Apple's Mac computer to mobile devices through a USB cable.
The malware initially gets onto an iOS device via a USB link to an infected Mac computer.
The security firm said the malware was capable of stealing "a variety of information" from mobile devices it infects and regularly requested updates from the attackers' control server.
"This malware is under active development and its creator's ultimate goal is not yet clear," the company added.
Work apps
According to Palo Alto Networks, WireLurker was first noticed in June when a developer at the Chinese firm Tencent realised there were suspicious files and processes on his Mac and iPhone.
Further inquiries revealed a total of 467 Mac programs listed on the Maiyadi App Store had been compromised to include the malware, which in turn had been downloaded more than 356,000 times as of 16 Oct.
Infected software included popular games such as Angry Birds, The Sims 3, Pro Evolution Soccer 2014 and Battlefield: Bad Company 2.
Once the malware was on the Mac, it communicated with a command-and-control server to check if it needed to update its code, and then waited until an iPhone, iPad or iPod was connected.
When an iOS device was connected, the malware would check if it was jailbroken - a process used by some to remove some of Apple's restrictions.
If it was jailbroken, WireLurker backed up the device's apps to the Mac, where it repackaged them with malware, and then installed the infected versions back on to the iOS machine.
If it was not jailbroken - which is the case for most iOS devices - WireLurker took advantage of a technique created by Apple to allow businesses to install special software on their staff's handsets and tablets.