One thing that Apple (and even we) have always bet on is the security it provides to its users. Well, that’s about to change. A newly detected piece of malware named WireLurker has already undermined Apple’s claims, breaching the security of over 350,000 iOS devices.
WireLurker, discovered recently by Palo Alto Networks researchers, is primarily spreading through the Maiyadi App Store, a third-party source for OS X Yosemite in China. And to shock you all, researchers have estimated that the infected apps have already been downloaded 356,104 times.
Once installed, the malware spreads to iOS devices via USB and rewrites existing programs on the device through binary file replacement, even if the device is not jailbroken. To date, iOS devices have had a spotless record, with no malware ever infecting non-jailbroken iOS devices.
Once WireLurker gains access to a non-jailbroken iPhone, the program installs a non-malicious comic book app onto the phone, using a forged enterprise provisioning certificate. On jailbroken phones, the malware rewrites the TaoBao and AliPay apps (Alibaba’s applications for auctions and payments, respectively).
The intentions of the creators of this malware are still unknown, and this might be the first step towards something big. It has already breached Apple’s security and might go on to do more.
Palo Alto Networks has already developed software that will let users test for the malware, but in the meantime, it has recommended that users avoid third-party app stores.