WireLurker, the malware targeting Mac, iOS devices – Apple blocks it.

Mac OS users have long considered their machines safe from malware and viruses, and the same has been assumed for iOS devices. But now “WireLurker” has been discovered infecting Apple’s Mac OS computers and iOS devices.

Researchers at security firm Palo Alto Networks have discovered malware that detects any iOS device, including an iPhone or iPad, when it is connected via USB to an infected OS X computer, and transfers downloaded third-party malicious applications to the connected device. It treats jailbroken and non-jailbroken devices alike. The company named it “WireLurker”.

WireLurker was used to trojanize 467 OS X applications on the Maiyadi App Store, a third-party Mac application store in China. In the past six months, these 467 infected applications were downloaded over 356,104 times and may have impacted hundreds of thousands of users.

Researchers have demonstrated similar methods to attack non-jailbroken devices before; however, this malware combines a number of techniques to successfully realize a new brand of threat to all iOS devices.

Interestingly, Apple has responded very quickly and said “We are aware of malicious software available from a download site aimed at users in China, and we’ve blocked the identified apps to prevent them from launching.”

This raises questions, as Apple has not clarified how it is carrying out the blocking. The company only emphasised, “As always, we recommend that users download and install software from trusted sources,” which leaves the responsibility with users.

The security firm has also listed some steps to mitigate the threat from WireLurker, and has developed a tool, WireLurker Detector, to detect whether your device is infected.

If you want to check for it yourself, here are some steps to find and remove it.

Jailbroken Users
  1. Install iFile from Cydia if you don’t already have it. SSH through a terminal can be used too.
  2. Go to /Library > MobileSubstrate > DynamicLibraries.
  3. Now search for a file named sfbase.dylib. If it is found, your device is infected. If no such file exists, breathe a sigh of relief.

A complete restore is the better option in any case, but you may lose your jailbreak.
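The jailbroken-device check above, written as a small shell function for use over SSH or against a copied filesystem. This is an added example, not code from Palo Alto Networks or from this article; the optional root-prefix argument, the return codes and the case-insensitive comparison are assumptions.

```shell
#!/bin/sh
# Added example: scripted form of the jailbroken-device check.
# The directory and file name come from the article. The ROOT prefix
# (for checking a copied filesystem) and the return codes are assumptions.

SUBSTRATE_DIR="Library/MobileSubstrate/DynamicLibraries"
INDICATOR="sfbase.dylib"

# check_wirelurker [ROOT]
#   returns 0: directory present, indicator file not found
#   returns 1: indicator file found, treat the device as infected
#   returns 2: directory missing, so the check could not be performed
check_wirelurker() {
    root="${1:-}"
    dir="${root%/}/${SUBSTRATE_DIR}"
    if [ ! -d "$dir" ]; then
        echo "cannot check: $dir does not exist" >&2
        return 2
    fi
    for f in "$dir"/*; do
        # Skip the unexpanded glob when the directory is empty,
        # but still consider dangling symlinks.
        [ -e "$f" ] || [ -L "$f" ] || continue
        # Compare names in lowercase as a precaution (assumption: the
        # article only gives the lowercase spelling).
        name=$(basename "$f" | tr 'A-Z' 'a-z')
        if [ "$name" = "$INDICATOR" ]; then
            echo "INFECTED: found $f"
            return 1
        fi
    done
    echo "clean: no $INDICATOR in $dir"
    return 0
}

# Usage on the device over SSH:         check_wirelurker
# Usage against a copied filesystem:    check_wirelurker /path/to/copy
```

A return code of 2 means the directory was not there to inspect, which is not the same as a clean result.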

Non-Jailbroken Users
  1. Open the Settings. Go to General > Profile.
  2. Look for any non-standard profile listed. If you find one then just delete it.
  3. Delete all strange or suspicious apps that you see on your device.

 

source: Palo Alto Networks
via: redmondpie, reddit

Dr. H.
