Security Researchers Discover New 'WireLurker' Malware Affecting Macs and iOS Devices
Security researchers at Palo Alto Networks have released a new paper titled WireLurker: A New Era in iOS and OS X Malware, which includes details about a new piece of malware that is affecting both Mac and iOS systems.
WireLurker is a trojan that has reportedly been circulating in a number of pirated pieces of software in China over the past several months. The malware appears to only target 64-bit OS X devices.
When the user installs the pirated software on his/her machine, WireLurker waits until it has root permissions and then installs itself into the OS as a system daemon (which uses libimobiledevice). The daemon sits on your machine and waits patiently until an iOS device is connected to the desktop, at which point it compromises the trusted connection between your iOS device and your Mac.
The daemon then collects information about your iOS device, including its serial number, phone number, iTunes Store identifier, and other information, and sends it to a remote server. The trojan then attempts to install malicious software on your iOS device. If your device happens to be jailbroken, the malicious software could read information from your device, including your iMessage history, address book, and other files.
It appears as though WireLurker's main focus is to identify information about the device's owner, as opposed to causing damage to the device itself.
The security researchers at Palo Alto Networks have released a WireLurker detector which can help you determine if your Mac is compromised.
The easiest way of avoiding this piece of malware is not to install software on your Mac that you don't trust. The security researchers have notified Apple about the issue, however, the company has not released any official comments at this point in time.