The Independent's journalism is supported by our readers. When you purchase through links on our site, we may earn commission. 

WireLurker: Chinese Apple malware lets hackers 'crack hard shell of iPhone security'

Experts say that the malware's "ultimate goal is not yet clear”

James Vincent
Thursday 06 November 2014 10:11 GMT
Comments
A man talks on an iPhone in Beijing July 24, 2013.
A man talks on an iPhone in Beijing July 24, 2013. (REUTERS/Kim Kyung-Hoon)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Apple users in China are under attack from a new family of malware, as the American company continues to run into trouble in the country it hopes will one day become its biggest market.

The malware known as “WireLurker” infects computers via apps downloaded from the third-party ‘Maiyadi’ App Store and is capable of leaping to iPhones when they’re connected via USB.

It’s the first known malware that can infect Apple mobiles that haven’t been ‘jailbroken’ and security experts have warned that it “may have impacted hundreds of thousands of users.”

"WireLurker is unlike anything we've ever seen in terms of Apple iOS and OS X malware," said Ryan Olson, intelligence director of Palo Alto Networks Inc, who discovered the program.

"The techniques in use suggest that bad actors are getting more sophisticated when it comes to exploiting some of the world's best-known desktop and mobile platforms."

Olson added that it was not clear exactly what the objective of the malware was. His company observed more than 400 infected apps that were downloaded more than 350,000 times, but so far there was no evidence anything more sensitive than phonebook contacts had been stolen.

WireLurker was observed downloading a harmless looking comic book app onto users’ phones, which the researchers believe is simply a test payload to check the malware is working correctly.

However, he added, “they could just as easily take your Apple ID or do something else that's bad new […] This malware is under active development and its creator's ultimate goal is not yet clear.”

Apple responded to the news with a statement: "We are aware of malicious software available from a download site aimed at users in China, and we’ve blocked the identified apps to prevent them from launching. As always, we recommend that users download and install software from trusted sources.”

The discovery of the malware follows reports of extensive phishing attacks aimed at Chinese users last month, and although WireLurker’s spread is so far apparently confined to China, Palo Alto Networks warns that the malware sets a dangerous precedent for historically secure iOS devices.

“Even though this is the first time this is happening,” Olson told The New York Times, “it demonstrates to a lot of attackers that this is a method that can be used to crack through the hard shell that Apple has built around its iOS devices."

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in