“Apple has blocked newly discovered apps meant to help prying eyes spy on Chinese iPhone users,” Danny Yadron reports for The Wall Street Journal. “The software is hidden in downloads available from a Chinese app store for Mac computers. Once installed, it waits until consumers connect an iPhone or iPad and then steals data stored on the device.”
“‘We are aware of malicious software available from a download site aimed at users in China, and we’ve blocked the identified apps to prevent them from launching,’ Apple said in a written statement Thursday,” Yadron reports. “Palo Alto Networks found the malicious code in 467 apps on China’s Maiyadi App Store for Mac computers.”
Yadron reports, “In a statement, Apple warned users to download only software from ‘trusted sources.’”
And of course other news outlets report this like the sky is falling…
Sigh…
=:~)
We know the TechTard journalists only want the HITS, and have no regard for factual information. Here’s an umbrella for them to shove… 🌂
Meanwhile, over 300,000 downloads of infected warez have been made. THAT translates into a major infection. Therefore, making a big deal out of this is entirely appropriate… within reason.
Well that was quick. Next!
Actually, though, at what point does the “bad” software become not usable? Are the iThings that have it still able to run the installed versions? Like will they keep running until the next sync or update or something? I get that they can no longer be installed. I’ve run into that myself in the past.
This is how it works, as per two previous species of Mac malware that used the same infection vector:
1) Warez software is obtained then infected.
2) The infection lies within the INSTALLER for the warez. The actual intended installation continues as usual. But ALSO installed is the malware. This is done by altering the installation script to incorporate the included Trojan malware.
3) The actual warez works fine. But so does the also installed malware.
Previous examples of Mac malware Trojans stuffed into warez installers:
2009: OSX.Trojan.iServices.A-C
2014: OSX.Trojan.iWorm (Which obviously wasn’t a worm)
∑ = Don’t install Warez.
https://en.wikipedia.org/wiki/Warez
I can’t condom this move…..
Once again, this malware was just another “The Mac sky is finally falling FO’ REAL, YO!” article.
NO. Over 300,000 copies were downloaded of the over 400 infected warez apps that have so far been identified.
This is malware that has potentially infected 100s of thousands of Macs and subsequently infected as many iOS devices.
Where does ‘sky is falling!’ FUD fit into those facts?
This malware is all about illegal download of compromised software, aka WAREZ. It’s specific to that community of pirates. Whether this infection technique will be applied to other software download scenarios… we shall see.
Counter-Spell: Read this if you really want to get freaked out. It has next-to-nothing to do with anything Apple. So smile. You’re using Apple gear!
158 new malware created EVERY MINUTE
Let THEM worry about the sky falling…
Sorry, I disagree. It was downloaded over 300,000 times in a nation where piracy runs rampant and they were using a shady location to “install” apps, which means they must have been using some sort of developer profiles to install (a la GBA emulator).
As long as the malware in question requires admin rights (read: admin password) to install on my Mac, it is nothing more than a “chicken little” article.
Talk to me when you can visit a website about Pacman and be immediately infected and have to reinstall the OS (happened to someone at my previous job on Windows 7). THAT is a problem.
It’s entirely right to point out that this was perpetrated INSIDE China. It’s entirely right to expect this entire malware attack was orchestrated BY the Chinese government AGAINST the Chinese citizens.
Meanwhile, everything else you said is quite wrong. I wrote in a further reply here about how warez software installers are the vector of installation. The warez is installed, you’re infected. You provided the admin password. Now you’re PWNed. That is how this malware and two earlier types of malware created botnets with, in one case, 100s of thousands of botted Macs. I said Macs.
Following security is annoying and difficult. I should know. But it’s ridiculous to pretend real malware isn’t relevant to the real world. You’ve got to do some READING and RESEARCH before you make broad statements about anything. Again, I should know.
fixed, http://threatpost.com/wirelurker-mac-os-x-malware-shut-down/109204
https://github.com/PaloAltoNetworks-BD/WireLurkerDetector
Yawn….
Obviously implemented by the Chinese government, since it’s only spying on mobile devices and retrieving contacts and such. Not much use to crooks, but exactly the information the government covets.
I wrote up a quick article about ‘Wirelurker’ over at:
http://mac-security.blogspot.com/2014/11/wirelurker-malwares-butt-gets-kicked.html
The most interesting article I dug up today (thanks to my colleague Josh!) is from Jonathan Zdziarski. He goes into deeper details, discusses how this type of malware could be used in the future, outside of the warez community:
What You Need to Know About WireLurker
Just last night I installed a Trojan, but I did it purposefully to prevent infection.
Stop acquiring bad software. Sure the other male user was a Cheap knockoff.
I insulted you how?