Apple blocks malware app users in China
07 Nov 2014
Apple Inc said it had identified and blocked malicious software applications that targeted users in China, Reuters reported.
Palo Alto Networks Inc said on Wednesday it had discovered a new family of malware capable of infecting Apple products, pointing to the increasing sophistication of attacks on iPhones and Mac computers.
"We are aware of malicious software available from a download site aimed at users in China, and we've blocked the identified apps to prevent them from launching," Apple said in an email to Reuters.
"As always, we recommend that users download and install software from trusted sources," Apple said.
Palo Alto Networks said it had seen indications that the attackers were Chinese. The malware, which originated from a Chinese third-party app store, appeared to have mostly affected users within the country.
According to the security researchers, who called their discovery WireLurker, the complex malware could install malicious apps on people's iPhones without needing to jailbreak them.
Though malware had been around for some time, WireLurker could infiltrate iOS devices connected to an infected Mac via USB and automatically install third-party apps on the user's iPhone, iPad, or iPod touch, regardless of whether that iOS device was jailbroken or not, PC Mag reported.
According to the researchers, it exhibited behaviour that had never been seen before in malicious software targeting Apple's platforms.
The malware works by infecting software downloaded from the web onto a desktop or laptop computer; once installed, it waits for an iPhone or iPad to be connected via USB, PC World reported.
It then scans the mobile device to see what software it contains. If a target app is installed, it copies the app from the mobile device to the desktop or laptop PC, infects the app and then copies it back.
The malware appeared to collect data from the user but, to date, no other malicious activity has been discovered, according to Palo Alto Networks.
The infection spread through several hundred apps offered through a third-party Chinese software site called Maiyadi; users who had kept away from these were almost certainly safe.
The malware primarily targeted iPhones that had been "jailbroken", that is, had some of their security removed so certain apps could be run on them.
There was also a version that targeted conventional iPhones and carried an Apple digital security certificate but, according to researchers, even that version required the user's approval before it could be run.