It seems there’s always something new happening in the cybersecurity world. Apple users should watch out for a threat called WireLurker. WireLurker has proven to be surprisingly virulent and could have already affected hundreds of thousands of devices. While macOS viruses are more common than people expect, it’s almost unheard of for there to be iOS viruses. WireLurker stands out because even non-jailbroken phones are at risk.
One slightly confusing thing about WireLurker is that it doesn’t seem to do much. Security researchers say that the virus continually connects to a command and control server, meaning that the people behind WireLurker have big plans for the future. The virus will likely be used to steal contact information from phones at the very least, if not harvest usernames and passwords for accounts.
WireLurker was discovered by Palo Alto Networks. Palo Alto says the virus attacks non-jailbroken phones through trojan infections and repackaged iPhone applications. If this is true, it could mark a new stage in the evolution of Apple-based malware.
To keep things short and sweet, the original WireLurker infection comes from a third-party store, such as the Maiyadi app store in China. When users download and install an infected app onto their Mac, the virus gets to work. If you plug an iOS device into an infected machine, WireLurker invades the connected device and installs itself. By leveraging the enterprise provisioning system – a method that allows companies to side-load apps onto corporate devices given to their employees – WireLurker can infect non-jailbroken devices.
The virus gets to work quickly after accessing your device. If your device isn’t jailbroken, then WireLurker installs other apps from the App Store. The virus can do much more on jailbroken phones, including infecting apps already on your device, turning them into trojans, and then sending them back to the Mac. Whether your phone is jailbroken or not, the virus continually pings a central command server. The server updates the virus and issues new instructions, such as telling the virus to harvest and submit sensitive data from the device.
Can Malware Really Get on iOS?
Many Apple users, and Apple themselves, will tout the security of macOS and iOS. The idea that malware could exist for iOS seems laughable, and you can count the severe Mac malware strains on one hand, two at the most. This doesn’t mean that the operating system is entirely free from issues, however. The good news is that it takes a lot to find yourself infected with WireLurker.
The first step of infection requires you to install an infected application on your Mac. This isn’t to say that the official Mac App Store has no malware on it, but you are more likely to get infected through a third-party store. Your Mac will prompt you several times to verify that you want to install and run software obtained from a third-party source. WireLurker will even trigger another security prompt to verify the enterprise provisioning step.
This means there are several warning signs that something is wrong. Even so, Palo Alto estimates 467 infected apps were downloaded over 350,000 times through the Maiyadi app store. The company doesn’t have precise information on how many people infected their devices, but it’s fair to estimate a large portion of them did. It’s nice that Apple offers all of these prompts and warnings that something is wrong, but many people push through them without reading – especially when they want to install an app.
It’s hard to say what a WireLurker infection means in the long term. It seems that the people behind the virus are only just getting started with it. The virus doesn’t appear to do much right now, but the way the virus connects to a command and control server means that new instructions and functions could come at any time.
One thing we can say is that WireLurker is still under development. What we see now isn’t the final form this virus will take. WireLurker could infect apps all across the App Store, giving the virus plenty of opportunities to spread across devices. Apple is already putting teams on solving the problem, but users should practice healthy digital hygiene habits and know what they are installing.