Mac malware infects iPhones and iPads


Researchers at Palo Alto Networks have found a virus that initially targets OS X, but then infects connected iPhones and iPads. Hundreds of thousands of users may be affected, according to the researchers.

The malware spreads through infected apps in the Maiyadi application store for OS X, which mainly serves Chinese users. According to the researchers, 467 applications were infected, and together they were reportedly downloaded 350,000 times. Hundreds of thousands of users may have been affected.

Once a Mac is infected with the malware, it tries to infect iOS devices connected over USB. The researchers have therefore called the malware WireLurker. iOS devices can be infected even if they are not jailbroken. As far as is known, it is the first virus to infect non-jailbroken devices in this way.

To this end, WireLurker installs an enterprise provisioning profile on connected phones. That system allows companies to install apps on employees’ phones without having to roll them out via the App Store, but can also be abused by attackers.
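
As an added illustration (not code from the article or from Palo Alto Networks' tool), the sketch below shows how a defender could inventory provisioning profile files and flag enterprise ones from unexpected teams. `ProvisionsAllDevices`, `ProvisionedDevices` and `TeamIdentifier` are keys of Apple's profile format; the sample profile, the team IDs and the allow-list are constructed for the example.

```python
import plistlib

# Constructed sample: fake CMS/DER bytes around a minimal profile plist.
SAMPLE = (
    b"\x30\x82\x0f\x00\x06\x09" +
    b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Name</key><string>Constructed Sample Profile</string>
<key>TeamIdentifier</key><array><string>ABCDE12345</string></array>
<key>ProvisionsAllDevices</key><true/>
</dict></plist>""" + b"\x00\x00\x31\x82"
)

def extract_plist(blob: bytes) -> dict:
    """Return the plist embedded in a .mobileprovision blob.

    The CMS signature is NOT verified; this is for inventory only.
    """
    start, end = blob.find(b"<?xml"), blob.find(b"</plist>")
    if start == -1 or end < start:
        raise ValueError("no embedded plist found")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def classify(profile: dict) -> str:
    """Enterprise profiles provision all devices; others list device IDs or none."""
    if profile.get("ProvisionsAllDevices") is True:
        return "enterprise"
    if profile.get("ProvisionedDevices"):
        return "device-limited"  # development or ad hoc distribution
    return "other"

def audit(blob: bytes, allowed_teams: set) -> dict:
    """Flag enterprise profiles whose team is not on the organisation's allow-list."""
    profile = extract_plist(blob)
    kind = classify(profile)
    teams = set(profile.get("TeamIdentifier", []))
    return {
        "name": profile.get("Name", "<unnamed>"),
        "teams": sorted(teams),
        "kind": kind,
        "flagged": kind == "enterprise" and not (teams & allowed_teams),
    }

if __name__ == "__main__":
    # The allow-list here is hypothetical; use your organisation's own team IDs.
    print(audit(SAMPLE, allowed_teams={"ZZZZZ99999"}))
```
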

On a non-jailbroken phone, WireLurker doesn’t do much harm at this point; the malware just loads a comic book onto the phone. On jailbroken phones, part of the code of the AliPay and TaoBao payment apps is rewritten to enable payment data interception.

However, it is possible that the malware will also perform rogue operations on non-jailbroken phones. The malware is in contact with a command-and-control server, which can pass on new commands. In addition, there is a risk of copycats: other attackers who see that this method of attack works and copy it.

Palo Alto Networks has released a tool that allows people to check whether their system is infected. In addition, the company advises users not to connect iOS devices to just any computer or charger, because even chargers can theoretically contain malware. Furthermore, the company recommends avoiding third-party application stores.
