Nov 12

New iOS Malware. Be aware but don’t be concerned

UPDATE 18TH NOV, 2014: The individuals behind the WireLurker malware were arrested and the rogue App Store closed down by Chinese authorities.

My brief for this website has always been to wade through all the websites, filter out the rubbish and give you what is – admittedly in my opinion – the important (and factual) remains.

This latest round of scary headlines from the popular press fits this description very well.

In the last few days there have been two iOS (iPhone and iPad operating systems) threats identified in the popular press with headlines such as:

More malware warnings for Apple: Firm claims exploit used to create WireLurker app could lead to rogue iOS apps that steal user data

or

Apple iOS bug makes devices vulnerable to attack – experts

So what are the real facts? Should you be concerned?

For starters this is not a bug. Both these exploits (and I will get into what they are in a minute) rely on the user doing the wrong thing. In the same way that leaving your door wide open when you go to bed is not a manufacturing defect with your front door, these exploits are not a defeat of iOS.

The first “threat” that was a “bug” in the system is so laughable it is hard not to just dismiss it but here goes…..

The threat is called “WireLurker” and it can infect your iOS device if, wait for it, you download apps from a rogue Chinese Appstore. Yes, you read that correctly!

On every iOS device there is the Appstore icon (see icon at the top of the page). This is, and always has been, your window to all the Apps and updates for your iPhone or iPad. People who jailbreak their phones (remove the Apple security) are able to go to other App stores that do not have the same level of control as Apple’s Appstore, and so they can be downloading literally all kinds of infected software onto their iPhone or iPad – something Android users have been enjoying for many years.

Now while it is true that, for reasons I don’t understand, iPhones in China that have NOT been jailbroken can still access these rogue stores, it is still worth remembering that this is NOT APPLE’S APP STORE.

So the way to avoid WireLurker is:

DON’T DOWNLOAD APPLICATIONS FROM ANYWHERE OTHER THAN THE APP STORE.

Here is what it might look like on your phone.

[Image: iphone-3g1]

The only other interesting thing about WireLurker is that if someone plugs a phone that has accessed this rogue Chinese store into your Mac, it can infect the iOS apps on your Mac. This in turn can infect your iPhone when you plug it in. A remote possibility, and one that might see us refuse to allow strangers to charge their iPhone via our Mac’s USB port in the future.

The next Malware sensation is called Masque Attack.

This one works by someone sending an SMS to your phone with a link saying something like “Hey, here is the latest version of Flappy Birds” and you click on it. It will take you to a webpage that encourages you to “Update” or “Download”, and instead of getting Flappy Birds it downloads a fake version of Gmail or Mail, which henceforth reads all your emails and steals your personal information.

So, just like WireLurker before it, this Malware relies on the user not using official channels, namely the AppStore.

If you remember these golden rules you have nothing to fear and these Malware threats are a non-event.

 

APPLE WILL NEVER SEND YOU AN SMS OR AN EMAIL OFFERING AN UPDATE. DELETE SUCH MESSAGES IMMEDIATELY.

NEVER CLICK ON ANY LINK THAT OFFERS TO TAKE YOU TO THE APPSTORE; USE THE ICON PROVIDED.

ALWAYS USE THE APPSTORE ICON TO DOWNLOAD, SEARCH FOR, OR UPDATE APPS.

 

Permanent link to this article: http://macservicesact.com.au/new-ios-malware-be-aware-but-dont-be-concerned/

2 comments

    • Kate Cowie on November 12, 2014 at 9:57 AM

    Hi Rennie,
    thanks for bringing us up to date. Very useful, given the alarmist headlines,

    Kate

    • Alan Powrie on November 12, 2014 at 10:23 AM

    Thank you once again Renny for yet another great article.
