Apple Blocking Malicious Software Aimed at China Users

Apple Inc. has begun blocking malicious software aimed at users of its products in China.

The iPhone maker announced the steps following a report yesterday by security service provider Palo Alto Networks Inc. about WireLurker, a new type of malware designed to steal information from applications running on Apple’s OS X operating system for laptops and computers, and on mobile devices running iOS.

Products by Cupertino, California-based Apple are considered less vulnerable to viruses and hacks compared with other computers, such as those running Microsoft Corp.’s Windows. While the burden of detecting and preventing security threats is now increasingly handled within computer networks, there are still threats that can reach individual devices.

“Apple is not impervious and any platform can be attacked,” said Lawrence Pingree, a security and privacy analyst at Gartner Inc. “The attackers are targeting where the money is. They are driven by account information for performing fraud as more people start to do payments on their mobile devices.”

WireLurker was first spotted by a developer at China-based Tencent Holdings Ltd. in June, Santa Clara, California-based Palo Alto Networks said in yesterday’s report. It’s probably the first known malware capable of infecting software on Apple’s mobile devices in a manner similar to traditional viruses, the security company said.

Trusted Sources

“We are aware of malicious software available from a download site aimed at users in China, and we’ve blocked the identified apps to prevent them from launching,” Apple said in an e-mailed statement. “As always, we recommend that users download and install software from trusted sources.”

The malware was found to have taken control of 467 OS X applications in the past six months on Maiyadi App Store, a third-party Mac app store in China. These apps were downloaded more than 356,000 times and may have affected hundreds of thousands of users, according to the Palo Alto Networks report.

“The ultimate goal of the WireLurker attacks is not completely clear,” the report said. “The functionality and infrastructure allows the attacker to collect significant amounts of information from a large number of Chinese iOS and Mac OS systems, but none of the information points to a specific motive.”

The WireLurker malware is capable of stealing information from iPhones, including device ID, phone numbers and other basic information, Palo Alto Networks said. It’s also one of the first computer viruses that can infect registered devices, in addition to “jailbroken” devices that have been unlocked and are more vulnerable to malicious attacks.

“WireLurker is unlike anything we’ve ever seen in terms of Apple iOS and OS X malware,” Ryan Olson, Palo Alto Networks’ intelligence director, said in a statement. “The techniques in use suggest that bad actors are getting more sophisticated when it comes to exploiting some of the world’s best-known desktop and mobile platforms.”