iOS is considered to be the most secure operating system on the market, but yesterday there was a disturbing news about a virus that can infect iPhones and iPads via USB. Not that there isn't any malware targeting iOS, but it was only targeted at users who had jailbroken their device, compromising the system's security among other things. A virus called WireLurker is even more worrying, as it can attack even non-jailbroken devices.
The malware was discovered yesterday by researchers from Palo Alto Networks. WireLurker appeared on the Chinese software store Maiyadi, which hosts a large number of games and applications. Among the attacked software were, for example, the games Sims 3, Pro Evolution Soccer 2014 or International Snooker 2012. These are probably pirated versions. After launching the compromised app, WireLurker waits on the system until the user connects their iOS device via USB. The virus detects if the device has been jailbroken and proceeds accordingly.
In the case of non-jailbroken devices, it uses the certificate to distribute company applications outside the App Store. Although the user is warned about the installation, once they agree to it, WireLurker gets into the system and is able to obtain user data from the device. The virus thus practically does not use any security hole that Apple should patch, it only abuses the certificate that allows applications to be uploaded to iOS without Apple's approval process. According to Palo Alto Networks, the attacked applications had over 350 downloads, so several hundreds of thousands of Chinese users in particular may be at risk.
Apple has already started to address the situation. Blocked Mac applications from running to prevent malicious code from running. Through its spokesperson, it announced that “the company is aware of a downloadable malware on the site that targets Chinese users. Apple has blocked the identified apps to prevent them from running”. The company further revoked the certificate of the developer from whom WireLurker originated.
According to Dave Jevans of mobile security firm Marble Security, Apple could further prevent the spread by blocking the Maiyadi server in Safari, but that would not prevent users of Chrome, Firefox and other third-party browsers from visiting the site. Furthermore, the company could update its built-in XProtect antivirus to prevent the installation of WireLurker.
I confess that I do not understand the article.
What is disturbing? The fact that a virus attacks iOS without a jailbreak, but how? The user knowingly installs stolen SW, it infects his OSX and then distributes itself to the phone, where the user is not at all surprised that if he does not install anything there, that it asks him to install a third-party certificate???
It can be worrying that the certificate can look like something quite reliable and harmless, for example an eduroam profile.
I don't know about the iPhone, so it seems to me that everything outside the App Store is unreliable and harmful :(
That's true.. But it's the same with other Android devices, and they don't even need jailbreak/root.. ;) That's the advantage that with iOS one doesn't have to deal with anything, and even peaceful without disturbances, if one doesn't want to steal applications, or doing something that "shouldn't", e.g. changing the design of the entire system via JB, because apple didn't fix it, which means that the device probably won't tighten it to 100%, so they didn't put it there.. Simply, iOS is secure when you're not trying to steal something.. After all, nothing is that safe, and that's how it should be.. Even with music.. Everything should be paid for.. Apple came the closest to it, since nothing can be downloaded through the device, only to 3rd-party apps that eat a lot of battery, and they could avoid that too if they wanted ;)
The only thing I stole in my life was music/movies, and half of that I got the original for my birthday/Christmas, or I bought it, and I paid for all the apps.. I had a jailbreak, but I still bought everything.. Na I spent at least 100 euros on the appstore for iOS, and 30 on the mac, of which mafia 2 for 5 euros because it was in the market, even though it annoyed me that I bought it on the PC for 60 euros, and I can't install it on the mac, and I will pay another 5 to pay, but I still paid for it, and I didn't download it somewhere on the net.. And I also stole Adobe programs, because I don't have money for them, and I need them.. I'm not using them to sell pictures or anything yet, but if I were to, so I would put aside the money that adobe gave me and buy those programs..
so I'm not able to understand what he wanted to tell us, mato: everything has to be paid for - I stole music/films - I stole adobe.
so the summary is that I will not steal if I do not want or need the stolen thing. you can be really proud of such an opinion
?? If a person is willing to pay for at least half, then I don't see a problem with that, another person will pay the other half and download mine for free.. Those things are very expensive, basically you can get them cheaper, but not for free.. What you need and don't have for that, it's normal that you download it for free.. But if I used, for example, photoshop and made money with it, the first thing I would do with that money is pay Adobe for their program... And that's how it would be should be.. If you use professional software just for fun, or to learn how to work with it, I agree that people should not pay for it, and download it, but if they work with it, why not?.. the only thing I would never never paid for windows in my life.. The last one I paid for was 7, since then only mac os x, or illegally downloaded.. That company is robbing people, the whole microsoft is stupid.. Mac is mac, and they don't want any more for their software than microsoft , when recalculating the price of macbooks.. And the software is much more powerful, and more beautiful, and easier to use.. And the updates are FREE.. ;)
yeah, i got it. you are just a thief who will try to argue with his own conscience that it is actually in order
Good old man.. Did you buy everything you used? Especially when you live in Slovakia?.. I don't think so.. Those prices are good for other countries, but not for us.. I don't argue with my own conscience.. It bothers me that I don't have anything to buy it with.. I haven't been stealing music for a year and a half , movies don't either. Since they made services where I pay 10 euros a month, I have no problem paying, e.g. deezer, voyo, sosac.ph... But if I had to pay for each movie separately, it's expensive for a Slovak... and besides, I'm not even 18 yet, so I think it's normal that I don't have the time to buy everything ;)
Hello - I have a respectful question - with an iPhone, I connect to a classic laptop with the Win 8 operating system. If I download something to the iPhone, then only through the App Store. I do my best not to introduce a virus into NTB (but of course it can happen). Am I at risk from any of the things mentioned in the article? Apologies to all the IT geeks out there, but I'm a normal user and I don't have any jailbreak….
I think he will. The problem is not in the jailbreak as such, but in the Chinese peaudo-app-store.
99% of this doesn't apply to you...
None of this is in danger. This only applies to those who downloaded some Chinese alternative program store on OS X.
Gentlemen - thank you all for the positive info :-)
"IOS devices at risk of chinchilla virus" - a bit of an alarmist headline, don't you think. The virus does not threaten all iOS devices, but only those whose owners are playing super hackers, or are sorry for a few € for an app... Normal users can rest easy. ✌️