How Apple users can protect themselves from WireLurker malware
Security researchers have found a new malware that targets Apple AAPL, +0.00% users in “the biggest scale we have ever seen” — a sign that criminals are becoming more proficient at hacking Macs and iPhones.
The malware, named WireLurker, infects Apple OS X operating systems and then downloads applications onto iPhones that connect to those computers via USB, according to a report published by Palo Alto Networks, a Santa Clara, Calif.-based security company. It can then siphon basic user and device information, Apple IDs, address book contact information, and who iMessages are sent to.
WireLurker first infected 467 OS X third-party applications, which have been downloaded more than 350,000 times in the last six months, in the Chinese Maiyadi App store. That means hundreds of thousands of users could be attack victims. While iPhone users can only download third-party apps if they jailbreak their devices — or remove certain limitations to further customize settings and use software Apple hasn’t approved — WireLurker presents a universal threat: It can seep into any iPhone connected to an infected Mac.
“It’s a big step forward for attackers on this platform. They’ve been doing things that they’ve never been able to do in the past,” says Ryan Olson, director of threat intelligence at Palo Alto Networks. And given that Apple has entered the payments space, “there certainly are going to be more people looking at their devices because there’s more value in compromising them.”
A long-standing perk associated with using Apple devices was that they’re less malware-prone than Android or other operating systems because the company regulates what iPhone users can download. Given that Apple’s App Store is policed — all apps are reviewed before they’re offered to the public — Apple devices have become known for being generally more secure.
Apple told MarketWatch Thursday that it has blocked the infected apps.
Here is how you can protect your iPhone and Mac computers:
- Don’t jailbreak your iPhone and download applications or games from third-party app stores or websites. Downloading third-party applications outside the official Apple app store is where users could get into trouble. Pirated software and apps, and third-party apps, are more likely to include malicious components, Olson says.
- Install and use antivirus software for your Mac.
- Install security updates for your devices and apps. The updates often patch security vulnerabilities and keep your computer up-to-date in the battle against malware and other threats. Don’t ignore them.
- Think before you connect. Be sure you trust the machine you connect your devices to because a USB can transfer data, even if you’re just looking for power. “I wouldn’t plug my phone into any sort of random USB port,” Olson says. “I would use an adapter of my own that has two prongs and plug it into an AC jack.”