WireLurker Malware Attacks Non-jailbroken iPhones through Your Mac

iPhone owners who haven't jailbroken their smartphone are facing the threat of malware thanks to WireLurker. The malware uses Macs to infect the iPhone, and once in place can steal your contacts, iMessage chats, and more.

WireLurker malware attacks unjailbroken iOS devices through your Mac

WireLurker is different from other iOS malware threats because it doesn't require users to first hack their iPhone or iPad to allow unauthorized third-party app installations. Instead, it uses Apple's own enterprise provisioning tools to push the payload onto iOS devices connected to a Mac via USB.

Claud Xiao of the security research firm Palo Alto Networks said,

WireLurker monitors any iOS device connected via USB with an infected OS X computer and installs downloaded third-party applications or automatically generated malicious applications onto the device, regardless of whether it is jailbroken. This is the reason we call it 'wire lurker.' Researchers have demonstrated similar methods to attack non-jailbroken devices before; however, this malware combines a number of techniques to successfully realize a new brand of threat to all iOS devices.

The threat was discovered by Palo Alto Networks, and the firm said it appears to be originating in Mac apps downloaded through the Maiyadi App Store in China. So far 467 Mac apps have been turned into trojans to deliver WireLurker, and the apps have been downloaded more than 356,104 times.

Once WireLurker has been pushed out to an iOS device, it can download user data, and it routinely contacts the attacker's control servers for updates and instructions. WireLurker's ability to request updates means it can change to perform new tasks on victims' iPhones or iPads.

WireLurker has been in the wild for six months, so there's a good chance a lot of iOS devices have been infected. That said, it's fairly easy to protect yours from infection:

  • Don't download pirated Mac apps
  • Don't download apps from untrusted sources
  • Don't connect your iOS device via USB to untrusted computers
  • Don't use chargers from people you don't know to power up your iOS device battery

If you changed your Mac's settings to allow apps from any source to run, switch back to allowing apps from the Mac App Store and Apple-trusted developers. Here's how:

  • Go to Apple menu > System Preferences
  • Click Security & Privacy
  • Choose General
  • Select "Mac App Store and identified developers" in the "Allow apps downloaded from" section

Make sure your Mac runs apps only from trusted sources to avoid WireLurker

Palo Alto Networks also released an app to check your Mac for WireLurker. It's a free download through GitHub.