The BBC has an article about Apple malware and the Chinese:
Malware has bypassed Apple's safety controls by taking advantage of a process used by employers to add apps to workers' iPhones and iPads. Palo Alto Networks said WireLurker appeared to have originated in China, and was mostly infecting devices there. The malware first targets Apple computers via a third-party store, before copying itself to iOS devices.Rico says he'll feel better once the Chinese start taking some of these hackers out and hanging them, preferably on live television... But, while the advice is good, Rico says he never downloads games and other dangerous crap off the Internet, nor should you.
Researchers warn it steals information and can install other damaging apps. "WireLurker is unlike anything we've ever seen in terms of Apple iOS and OS X malware," said Ryan Olson, Palo Alto Network's intelligence director. "The techniques in use suggest that bad actors are getting more sophisticated when it comes to exploiting some of the world's best-known desktop and mobile platforms."
WireLurker has the ability to transfer from Apple's computers to mobile devices through a USB cable. The malware initially gets onto an iOS device via a USB link to an infected Macintosh computer. The security firm said the malware was capable of stealing "a variety of information" from mobile devices it infects and regularly requested updates from the attackers' control server. "This malware is under active development and its creator's ultimate goal is not yet clear," the company added.
Apple has issued a brief statement: "We are aware of malicious software available from a download site aimed at users in China, and we've blocked the identified apps to prevent them from launching," it said. "As always, we recommend that users download and install software from trusted sources."
According to Palo Alto Networks, WireLurker was first noticed in June of 2014 when a developer at the Chinese firm Tencent realized there were suspicious files and processes happening on his Mac and iPhone.
Further inquiries revealed a total of 467 Mac programs listed on the Maiyadi App Store had been compromised to include the malware, which in turn had been downloaded 356,104 times as of 16 October 2014.
Infected software included popular games, including Angry Birds, The Sims 3, Pro Evolution Soccer 2014, and Battlefield: Bad Company 2.
Once the malware was on the Mac, it communicated with a command-and-control server to check if it needed to update its code, and then waited until an iPhone, iPad, or iPod was connected.
When an iOS device was connected the malware would check if it was jailbroken, a process used by some to remove some of Apple's restrictions.
If it was jailbroken, WireLurker backed up the device's apps to the Mac, where it repackaged them with malware, and then installed the infected versions back on to the iOS machine.
If it was not jailbroken (which is the case for most iOS devices) WireLurker took advantage of a technique created by Apple to allow businesses to install special software on their staff's handsets and tablets.
Wirelurker hides its code inside software that is initially downloaded to a Macintosh computer. This involved placing infected apps on the device that had been signed with a bogus "enterprise certificate", code added to a product that is supposed to prove it comes from a trustworthy source.
To ensure the devices accepted this certificate, a permissions request was made to pop up on the targeted iOS device on the user's first attempt to run an infected app.
It simply asked for permission to run the app but, if the user clicked "continue", it installed code called a "provisioning profile", which told the iOS device it could trust any other app that had the same enterprise certificate.
Palo Alto Networks remarked that, while this technique was not a new concept, it was the only known example of it being used to target non-jailbroken iOS devices in the wild.
Once active, the malware is used to upload information about the machine to the hackers, including phone numbers from its Contacts app, and the user's Apple ID.
Different versions of WireLurker also automatically installed new apps on the devices, including a video game and a comic book reader.
"People have got very used to iOS being secure, and there is a danger they may be complacent about the risk this presents," said Professor Alan Woodward, from the UK's University of Surrey. "Now that Apple knows what it's looking for, it should be able to shut it down relatively easily. But it shows that people are trying to attack Apple's operating system, and the firm can't take security for granted."
News of the attack comes after Apple's iCloud storage service in China was attacked by hackers trying to steal user information just last month. Chinese web monitoring group Greatfire.org said that hackers intercepted data and potentially gained access to passwords, messages, photos and contacts. They believed the Beijing government was behind the move.
But the Chinese government denied the claims, and was backed by state-owned internet provider China Telecom, which said the accusation was "untrue and unfounded".
China is home to the world's biggest smartphone market, and Apple saw its iPhone sales there jump fifty percent in the April to June quarter from a year earlier.
To minimize the risk of attack, Palo Alto Networks has recommended users:
Do not download apps from third-party stores.
Do not jailbreak iOS devices.
Do not connect their iOS devices to untrusted computers and accessories, either to copy information or charge the machines.
Do not accept requests for a new "enterprise provisioning profile" unless it comes from an authorized party like the employer's IT department.
No comments:
Post a Comment