Have an iPad or iPhone? Don't plug it into public chargers

New malware can spread through USB; can read through your messages

A new trojan-horse that specifically targets iOS and OS X users has emerged out of China.

Security firm Palo Alto Networks has warned of a new malware threat to Apple customers that can infect iPhones and iPads via USB.

WireLurker is significant as it is the first to be able to infect iOS devices like a traditional virus. Previous malware has required users to have jailbroken their device, meaning less than one per cent of users were at risk.

The point of origin appears to have been a third-party app store for Macs running OS X.

Self-replicating malware

WireLurker is able to auto-generate infected software, meaning removing the app that allowed the malware into the device isn’t enough to solve the issue.

At the time of writing, some 467 apps are believed to be infected, with more than 350,000 users downloading them. All are hosted on Chinese third-party app store Maiyadi.

Infection through USB

Those downloading apps via Maiyadi aren’t the only users at risk. Wirelurker is also able to gain access to iOS devices through being connected via USB to an infected Mac.

Once it has infected an iOS device, Wirelurker copies your phonebook and will read through any iMessages you have on your phone or tablet.

For the time being, Palo Alto is saying the best way to avoid becoming infected is to not connect your iOS devices into any unfamiliar devices and to avoid using non-Apple chargers. That includes the public chargers you get at airports.

“We are aware of malicious software available from a download site aimed at users in China, and we’ve blocked the identified apps to prevent them from launching,” an spokesperson for Apple told Engadget. “As always, we recommend that users download and install software from trusted sources.”

Via: Engadget

Tags