The ultimate malware "WireLurker", which finally infects even non-jailbroken iPhones, has appeared
Security company Palo Alto Networks has discovered "WireLurker", malware that infects iOS devices such as the iPhone and iPad via Macs running Apple's OS X, and has published a report on it. Once a Mac is infected, WireLurker monitors the iOS devices connected to it and sends malware to them without notifying the user. Until now, malware could infect an iOS device only if the device had been "jailbroken", that is, if the restrictions Apple imposes on user privileges had been removed, but WireLurker can also infect iOS devices that have not been jailbroken.
WireLurker: A New Era in OS X and iOS Malware - Palo Alto Networks Blog
Researchers Discover New 'WireLurker' Malware Affecting Macs and iOS Devices in China [Updated] - Mac Rumors
WireLurker, which is a kind of Trojan horse, can automatically generate malicious apps by rewriting the binary file of an infected iOS application via the Mac. In addition, WireLurker can install malicious applications on iOS devices that have not been jailbroken by abusing the in-house application distribution function intended for companies.
WireLurker has been found in 467 applications distributed through the "Maiyadi App Store", a third-party Mac app store in China. In the past 6 months, applications containing WireLurker have been downloaded more than 350,000 times, and Palo Alto Networks says that hundreds of thousands of users' Macs may be infected.
WireLurker secretly monitors iOS devices connected by USB cable to an OS X Mac and infects them regardless of whether they are jailbroken. As its name suggests, it is a "Lurker" (one that lies in wait) on the "Wire" (the USB cable). According to security researchers at Palo Alto Networks, WireLurker can also send information from infected iOS devices to an external party and receive periodic updates from a control server. WireLurker is still under development, and the author's ultimate goal is not yet clear. Furthermore, reverse engineering has shown that the code is deliberately complicated and encrypted to make it difficult to analyze.
Palo Alto Networks has published "WireLurkerDetector", a tool for detecting WireLurker, on the open source software community GitHub.
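The non-jailbroken infection path described above relies on in-house (enterprise) app distribution. The following Python code is an added example, not code from Palo Alto Networks or the original article, that reads a provisioning profile and flags the ones that allow installation on any device. It assumes the profile is an app bundle's `embedded.mobileprovision` file and relies on Apple's `ProvisionsAllDevices` and `ProvisionedDevices` profile keys; the sample profiles are constructed and the envelope signature is not verified.

```python
import plistlib

def extract_profile(blob: bytes) -> dict:
    """Return the plist embedded in a .mobileprovision CMS envelope.

    The envelope signature is NOT verified; this only reads the payload.
    """
    start = blob.find(b"<?xml")
    if start < 0:
        raise ValueError("no XML plist in profile")
    end = blob.find(b"</plist>", start)
    if end < 0:
        raise ValueError("truncated plist in profile")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def classify(profile: dict) -> str:
    """Classify a profile by which devices may run apps signed under it."""
    if profile.get("ProvisionsAllDevices") is True:
        return "enterprise"          # in-house distribution: any device
    if profile.get("ProvisionedDevices"):
        return "device-restricted"   # development/ad hoc: listed UDIDs only
    return "unknown"

def audit(blob: bytes) -> dict:
    """Summarise one profile and flag enterprise distribution for review."""
    p = extract_profile(blob)
    kind = classify(p)
    return {
        "name": p.get("Name", ""),
        "team": p.get("TeamName", ""),
        "kind": kind,
        "review": kind == "enterprise",
    }

def make_sample(fields: dict) -> bytes:
    """Constructed stand-in for a profile: placeholder bytes around a plist."""
    return b"\x30\x82\x0b\x5c" + plistlib.dumps(fields) + b"\xa0\x82\x00\x00"

# Constructed sample data, not taken from any real app.
ENTERPRISE = make_sample({"Name": "Example In-House", "TeamName": "Example Corp",
                          "ProvisionsAllDevices": True})
ADHOC = make_sample({"Name": "Example Ad Hoc", "TeamName": "Example Dev",
                     "ProvisionedDevices": ["0" * 40]})

if __name__ == "__main__":
    for blob in (ENTERPRISE, ADHOC):
        print(audit(blob))
```

An app flagged with `review: True` is not necessarily malicious; it means the app was signed for in-house distribution and its team name should be one the organisation recognises.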
PaloAltoNetworks-BD / WireLurkerDetector · GitHub
In addition, as countermeasures against WireLurker, Palo Alto Networks recommends thorough security practices such as keeping antivirus software up to date, downloading only apps certified by the App Store, not downloading apps and games from other sources, keeping the iOS version on devices up to date, not pairing iOS devices with untrusted Macs, and not jailbreaking. It also suggests deploying "GlobalProtect".