Wednesday, November 5, 2014

Palo Alto Networks Uncovers WireLurker iOS and OS X Malware

Palo Alto Networks announced the discovery of "WireLurker", a new malware family attacking Apple OS X and iOS platforms. In a technical alert bulletin, the company said WireLurker marks a new era in malware across Apple's desktop and mobile platforms.

Among its defining characteristics, WireLurker represents:

  • The first known malware family that can infect installed iOS applications in a manner similar to a traditional virus
  • The first in-the-wild malware family that can install third-party applications on non-jailbroken iOS devices through enterprise provisioning
  • Only the second known malware family that attacks iOS devices through OS X via USB
  • The first malware family to automate generation of malicious iOS applications through binary file replacement

Palo Alto Networks has released signatures to detect all WireLurker Command & Control communication traffic.

"WireLurker is unlike anything we've ever seen in terms of Apple iOS and OS X malware. The techniques in use suggest that bad actors are getting more sophisticated when it comes to exploiting some of the world's best-known desktop and mobile platforms. As such we have provided full protection to Palo Alto Networks customers and published a detailed report so others can assess the risk and take appropriate measures to protect themselves," stated Ryan Olson, Intelligence Director, Unit 42, Palo Alto Networks.