iOS Experts Worried By Fake App Store’s Malware

This is the most advanced iPhone malware yet, and it should terrify you
November 6, 2014
Malware Discovered In China Could Herald ‘New Era’ Of iOS And Mac Threats
November 10, 2014

7 November 2014

IOS

Apple’s iOS devices have generally been relatively safe from malware threats in the past. But you might want to watch what you plug your iPhone into from now on: New reports say a malicious software called WireLurker is able to infest iOS devices.

While you’re probably safe from this specific virus, the way it attacks iPhones and iPads has experts worried.

WireLurker itself is rooted in third-party, Chinese Mac OS X app stores, according to CNET. People sometimes download these “stores” to access unofficial apps, since they’re basically home-brewed versions of the App Store that aren’t tied down to Apple’s approval or standards.

For now, average U.S. users who avoid unvalidated apps and software shouldn’t have an issue with WireLurker. But experts say the case is the first-known example of malware that can infect installed apps like a “traditional virus,” even on devices that aren’t jailbroken — setting a troubling precedent of malicious software worming its way onto phones that users haven’t necessarily altered in an unsafe way.

WireLurker is designed to “steal a variety of information” from users, according to security firm Palo Alto Networks. It gains access to iOS devices after they’re plugged into a computer via a USB cable. Palo Alto Networks notes that WireLurker’s “creator’s ultimate goal is not yet clear.” It’s been downloaded over 356,000 times.

In an email, an Apple spokesperson told The Huffington Post that the problem is under control so long as users exercise common sense when downloading apps.

“We are aware of malicious software available from a download site aimed at users in China, and we’ve blocked the identified apps to prevent them from launching,” the spokesperson wrote. “As always, we recommend that users download and install software from trusted sources.”

Kevin Mahaffey, co-founder of Lookout, a security technology service, said WireLurker may represent a dangerous new trend in malware.

“What’s interesting here is that malware attacked a PC in order to gain access to a mobile device, not to attack the PC — yet another sign that mobile is becoming the dominant computing platform,” said Mahaffey in a statement provided via email by a Lookout representative.

For years, conventional wisdom has held that Android devices are much more susceptible to malware than iOS devices. Android devices accounted for 84 percent of the global smartphone market in the third quarter of 2014, according to the research firm Strategy Analytics, and the Guardian reported that 98 percent of mobile malware in 2013 targeted Android devices.

“Now, as the number of iOS devices has grown, especially in geographies where malware tends to originate, iPhones and iPads have become attractive attack targets as well,” Mahaffey said. The Guardian reported in February that iOS had a number of security holes and vulnerabilities that Apple appeared slow to fix.

For now, iOS and Android users alike can follow the same advice: Only install apps from trusted sources — on both your smartphone and your computer.

Source – http://www.huffingtonpost.com/2014/11/06/ios-malware_n_6114622.html