Researchers Discover New 'WireLurker' Malware Affecting Macs and iOS Devices in China

 Most people today know that Apple products aren’t bulletproof, but 350,000 Mac and iPhone users in China are finding that out the hard way. New malware called WireLurker is quietly stealing data from their devices.

It’s a nasty little infection, too. Once it has infected a Mac, WireLurker waits in the shadows for an iOS device to be plugged it. It then takes advantage of Apple’s trusted pairing to siphon specific data off the device, including its serial number, phone number, and iTunes store identifier.
The device doesn’t have to be jailbroken for WireLurker to infect it (the malware abuses Apple’s enterprise provisioning plumbing to pull that off), but jailbroken devices do get special attention. WireLurker steals additional info from the iMessage history, address book, and a handful of other files. According to security researcher Johnathan Zdziarski, WireLurker’s primary target doesn’t appear to be the data in the devices it infects. Rather, it seems as though it’s trying to identify software pirates — nice to know, but not necessarily all that reassuring. Someone is still pushing your personal information to a remote server.

WireLurker also tries to sneak malicious apps onto the device while it’s connected — and many users won’t even notice their installation. Zdziarski says that “user education is the biggest problem” when it comes to WireLurker, adding that “Apple has a poor reputation for helping their users make smarter decisions about security.”

The good news is that there are tools out there to combat WireLurker. Palo Alto Networks offers a free WireLurker detector, and you’re probably not in any danger of infection if you don’t download warez from shady websites.

If your Mac is clean, then you should be fine. Just don’t go plugging your iPhone or iPad into someone else’s Mac for a little recharge or to swap some files without knowing whether or not it’s clean. You could end up transferring more than you wanted to.