Who said Macs were immune to malware? After years of largely skirting the security issues that plague Microsoft’s Windows operating system, Apple is getting a harsh dose of reality.
Palo Alto Networks just discovered a new family of Apple OS X and iOS malware that is displaying characteristics never before seen in any previously documented threats against Apple’s operating systems. Indeed, it’s enough to strike fear in the hearts of hard-core Apple users who have been lax about security.
Dubbed WireLurker, the malicious software marks a new era in malware across Apple’s desktop and mobile platforms, according to Palo Alto. In fact, the firm said the malware family represents a real threat to businesses, governments and Apple customers worldwide.
How Serious Is It?
“WireLurker is unlike anything we’ve ever seen in terms of Apple iOS and OS X malware,” said Ryan Olson, Intelligence Director for Unit 42 at enterprise-level firewall provider Palo Alto Networks. “The techniques in use suggest that bad actors are getting more sophisticated when it comes to exploiting some of the world’s best-known desktop and mobile platforms.”
How serious is this? WireLurker goes down in Apple security history as the first known malware family that can infect installed iOS applications similar to the way a traditional virus would work. It’s also the first in-the-wild malware family that can install third-party applications on non-jailbroken iOS devices through enterprise provisioning.
Beyond these distinctions, WireLurker is only the second known malware family that attacks iOS devices through OS X via USB, and it is also notable as the first malware family to automate generation of malicious iOS applications through binary file replacement.
Apple’s Walled Garden
We turned to Craig Young, a security researcher at advanced cyberthreat detection firm Tripwire, to get his thoughts on the scary Apple malware. He told us he has long speculated that attackers could use enterprise features in iOS that are not secure enough to push malware onto iOS devices.
“This malware campaign confirms without a doubt that not only is this attack vector real, but it can in fact be very successful at compromising large numbers of non-jailbroken iOS devices,” Young said.
Young also pointed out that this WireLurker attack comes on the heels of others that have demonstrated an ability to produce properly signed malware for the Apple ecosystem.
“Don’t fall into the trap of thinking that Apple’s walled garden and security through obscurity approach truly provides real security,” Young said. “The same security practices preached for Windows and Android should also be taken seriously when using Apple products, like OS X and iOS.”