Apple blocks apps after WireLurker malware on iOS and Mac OS X uncovered in China

“Apple has responded to reports of malware targeting its iOS and Mac OS X platforms by blocking the apps in question and has urged users to use only its own app store for downloads,” Dave Neal reports for V3.

“Apple has made the move after security firm Palo Alto Networks warned that a new malware called WireLurker malware was found targeting Apple iOS and Mac software and is infecting systems on a large scale,” Neal reports. “The malware was reaching Apple devices via apps being downloaded to Mac OS X machines from untrusted third-party app stores. The malware was then able to ‘jump’ to iOS devices when they were plugged into the Macs with the malware.”

“Apple said it has now acted to limit the impact of this threat: ‘We are aware of malicious software available from a download site aimed at users in China, and we’ve blocked the identified apps to prevent them from launching,’ it said,” Neal reports. “‘As always, we recommend that users download and install software from trusted sources.’”

Read more in the full article here.

MacDailyNews Take: Once again, here’s our oft-repeated reminder for Mac users and anyone who’s trying to use any other platform: Do not download and authorize the installation of applications (Trojans) from untrusted sources. No OS can protect users from themselves (or we wouldn’t be able to install any software). Those who grant attackers access to their Macs should not be surprised to find their Macs are compromised.

Related articles:
WireLurker trojan targeted at non-jailbroken iPhones spreads in China – November 6, 2014
There’s practically no iOS malware, thanks to Apple’s smart control over app distribution – June 13, 2014
F-Secure: Android accounted for 99% of new mobile malware in Q1 2014 – April 30, 2014
Google’s Sundar Pichai: Android not designed to be safe; if I wrote malware, I’d target Android, too – February 27, 2014
Cisco: Android the target of 99 percent of world’s mobile malware – January 17, 2014
U.S. DHS, FBI warn of malware threats to Android mobile devices – August 27, 2013
Android app malware rates skyrocket 40 percent in last quarter – August 7, 2013
First malware found in wild that exploits Android app signing flaw – July 25, 2013
Mobile Threats Report: Android accounts for 92% of all mobile malware – June 26, 2013
Latest self-replicating Android Trojan looks and acts just like Windows malware – June 7, 2013
99.9% of new mobile malware targets Android phones – May 30, 2013

24 Comments

  1. And this is precisely why Apple locks its iOS devices to download apps only from Apple’s App Store. Notice these apps were downloaded from a Chinese third party app site. It’s also why Apple is trying to move all Mac apps to the Mac App Store rather than downloading from anywhere.

1. Apple is trying to move all Mac apps to the Mac App Store? In what way? They’re more enforcing of the opposite with the lack of trials and paid upgrades. If they were seriously trying, the first thing to do would be addressing the issues of why developers are removing apps, e.g. BBEdit, MPlayerX among many others. Sandbox restrictions are a pain in the arse for users as well as developers.

    2. Actually, Bizlaw (great posts this week BTW!), Apple isn’t forcing the Mac App Store. Apple is forcing Apple approved security certificates into every OS X application. That’s a worthwhile cause.

Meanwhile, a lot of extremely functional and important software would be either hobbled or booted if the only source of Mac software was the Mac App Store. Therefore, that’s NEVER going to happen. There would be torches and pitchforks at midnight if Apple attempted to pull that stunt.

2. “…Apple said it has now acted to limit the impact of this threat: ‘We are aware of malicious software available from a download site aimed at users in China, and we’ve blocked the identified apps to prevent them from launching,’ it said,” Neal reports. “‘As always, we recommend that users download and install software from trusted sources.’…”

    That’s nice.
    Wait…
    You did what?
    Let me read that again…

    “…we’ve blocked the identified apps to prevent them from launching…”

Apple can block apps from launching on my Mac? Is this done independently of the Security & Privacy System Preference?

    I wonder exactly what they did?

    1. That would be OS X’s File Quarantine / Known Malware Detection.

      It’s a very clever system for remotely disabling malware, which Apple developed around 2011 when dealing with the Trojan called “Mac Defender.”

      Here’s an Apple Support article about it:
      http://support.apple.com/en-us/HT3662

Here’s a Software Update referencing it:
      http://support.apple.com/en-us/HT3662

      Apple doesn’t reveal many specific details about how OS X’s anti-malware system works. It seems to involve a local “black list” file containing signatures of known OS X malware. This black list receives automatic updates in the background as frequently as once a day, adding signatures of newly discovered Trojans and their variants.
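As an added illustration of the signature-blacklist model the comment above describes (a local list of known-malware signatures, consulted before launch and refreshed from a feed), here is example code written for this page. It is not Apple’s XProtect implementation or file format; the JSON feed layout, the signature names such as `OSX.Example.A`, and the sample file bytes are all constructed assumptions.

```python
"""Toy model of a locally held "known malware" signature list: a file is
checked against the list before it is allowed to launch, and the list is
refreshed from a versioned feed. Added example, not Apple's XProtect code
or format; feed layout, signature names and sample bytes are constructed."""
import hashlib
import json
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Signature:
    """One blacklist entry: a whole-file SHA-256, a byte pattern, or both."""
    name: str
    sha256: Optional[str] = None     # hex digest of the entire file
    pattern: Optional[bytes] = None  # byte sequence that must appear in the file

    def matches(self, data: bytes) -> bool:
        if self.sha256 is not None and hashlib.sha256(data).hexdigest() == self.sha256:
            return True
        if self.pattern is not None and self.pattern in data:
            return True
        return False


@dataclass
class Blacklist:
    version: int
    signatures: List[Signature] = field(default_factory=list)


def parse_feed(text: str) -> Blacklist:
    """Parse the constructed JSON feed format:
    {"version": N, "signatures": [{"name": ..., "sha256": ..., "pattern_hex": ...}]}"""
    doc = json.loads(text)
    sigs = []
    for entry in doc["signatures"]:
        pattern = bytes.fromhex(entry["pattern_hex"]) if "pattern_hex" in entry else None
        sigs.append(Signature(entry["name"], entry.get("sha256"), pattern))
    return Blacklist(int(doc["version"]), sigs)


def apply_update(current: Blacklist, update: Blacklist) -> Blacklist:
    """Accept only a strictly newer list, so a replayed or stale feed cannot
    roll the client back to a list missing recently added signatures."""
    return update if update.version > current.version else current


def check_launch(data: bytes, blacklist: Blacklist) -> List[str]:
    """Names of every signature that matches; an empty list means 'may launch'."""
    return [s.name for s in blacklist.signatures if s.matches(data)]


# Constructed sample files: harmless bytes standing in for a clean app and
# two variants of one Trojan family.
CLEAN_APP = b"#!/bin/sh\necho hello\n"
VARIANT_A = b"\xca\xfe\xba\xbe" + b"EXAMPLE_MARKER_v1" + b"\x00" * 16
VARIANT_B = b"\xca\xfe\xba\xbe" + b"EXAMPLE_MARKER_v2" + b"\x00" * 16

# Day 1: only a hash of the first sample is known.
DAY1_FEED = json.dumps({
    "version": 1,
    "signatures": [
        {"name": "OSX.Example.A", "sha256": hashlib.sha256(VARIANT_A).hexdigest()},
    ],
})
# Day 2: a generic byte pattern shared by the family is added, catching a
# new variant without needing a hash of each one.
DAY2_FEED = json.dumps({
    "version": 2,
    "signatures": [
        {"name": "OSX.Example.A", "sha256": hashlib.sha256(VARIANT_A).hexdigest()},
        {"name": "OSX.Example.gen", "pattern_hex": b"EXAMPLE_MARKER_".hex()},
    ],
})


def run_demo() -> dict:
    """Scan the three samples against each day's list and return the verdicts."""
    samples = {"clean": CLEAN_APP, "variant_a": VARIANT_A, "variant_b": VARIANT_B}
    day1 = parse_feed(DAY1_FEED)
    day2 = apply_update(day1, parse_feed(DAY2_FEED))
    stale = apply_update(day2, parse_feed(DAY1_FEED))  # replayed old feed is ignored
    return {
        "day1": {k: check_launch(v, day1) for k, v in samples.items()},
        "day2": {k: check_launch(v, day2) for k, v in samples.items()},
        "version_after_stale_update": stale.version,
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

The point the two feeds make is the one the comment hints at with “Trojans and their variants”: a whole-file hash only catches the exact sample it was taken from, so a repacked variant slips through until a family-wide byte pattern is added. The version check in `apply_update` is a design choice of this example, not something the page attributes to Apple: whatever the real mechanism, a client that accepted any list it was handed could be pushed back to an older, weaker one.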

  3. I still say it was the Chinese Government.

    “… Researchers say that once WireLurker is installed on a Mac, the malware listens for a USB connection to an iOS device and immediately infects it. Once infected, WireLurker’s creators can steal a victim’s address book, read iMessage text messages and regularly request updates from attackers’ command-and-control server. Though the creator’s ultimate goal is not yet clear, researchers say the malware is actively being updated…”

This is their modus operandi: they infiltrate, then wait for instructions.

    Also what is not discussed here is what the initial penetration vectors were for the 3rd party software services. Was the malware brought in by a human intentionally?

Were the infected applications uploaded to the service, or were they infected locally? If locally, I would assume the malware had privileges.

    What OS are the 3rd party software stores running? LINUX?

    It sounds like it could be China’s Red Hackers, the people who hack for Patriotism and Fame while China’s government speaks out of both sides of their mouth. To us they say, “Bad hackers… baaaaad hackers! You stop that.” To the hackers they say “Keep up the good work” we need information.

    1. For those unfamiliar with the Red Hacker Alliance: They were formed in 1998, after the USA was dopey enough to hand China ‘Most Favored Nation’ status. They PWNed every single US federal computer exposed to the Internet. The dopey USA government (MY government) didn’t acknowledge their activity until 2007, that’s 9 years after it started.

      #MyStupidGovernment in action.

      And yes kiddies, this federal incompetence spanned the administrations of BOTH Democrats AND Republicans. So to hell with both of them.
