A new trojan-horse that specifically targets iOS and OS X users has emerged out of China.
WireLurker is significant as it is the first to be able to infect iOS devices like a traditional virus. Previous malware has required users to have jailbroken their device, meaning less than one per cent of users were at risk.
The point of origin appears to have been a third-party app store for Macs running OS X.
WireLurker is able to auto-generate infected software, meaning removing the app that allowed the malware into the device isn’t enough to solve the issue.
At the time of writing, some 467 apps are believed to be infected, with more than 350,000 users downloading them. All are hosted on Chinese third-party app store Maiyadi.
Infection through USB
Those downloading apps via Maiyadi aren’t the only users at risk. Wirelurker is also able to gain access to iOS devices through being connected via USB to an infected Mac.
Once it has infected an iOS device, Wirelurker copies your phonebook and will read through any iMessages you have on your phone or tablet.
For the time being, Palo Alto is saying the best way to avoid becoming infected is to not connect your iOS devices into any unfamiliar devices and to avoid using non-Apple chargers. That includes the public chargers you get at airports.
“We are aware of malicious software available from a download site aimed at users in China, and we’ve blocked the identified apps to prevent them from launching,” an spokesperson for Apple told Engadget. “As always, we recommend that users download and install software from trusted sources.”