Column - Apple 2.0


Philip Elmer-DeWitt, November 11, 2014



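    According to Palo Alto Networks, a California-based enterprise firewall company, a new piece of malware has quietly infiltrated devices running OS X and iOS over the past six months, gathering information and preparing for some unspecified attack.

    “If an OS X computer is infected with WireLurker, any iOS device connected to that computer by USB cable, whether jailbroken or not, is monitored and has downloaded third-party applications or automatically generated malicious applications installed on it. This is why we call it WireLurker.”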


    Compared with Android phones or Windows PCs, Apple’s products are relatively impervious to malware, which is what makes WireLurker so interesting.

    According to Palo Alto Networks, a California company that sells firewalls to businesses, a new family of malware has been quietly infiltrating OS X and iOS devices for the past six months, gathering information and preparing for some kind of unspecified attack.

    The researchers who discovered the plot called it WireLurker because it can infect even pristine, non-jailbroken iPhones and iPads through computer cables.

    There are no reports of WireLurker infecting Apple devices outside China, and Apple says it has taken steps to prevent that from happening.

    “We are aware of malicious software available from a download site aimed at users in China, and we’ve blocked the identified apps to prevent them from launching,” an Apple spokesperson told Fortune. “As always, we recommend that users download and install software from trusted sources.”

    The fact that someone found a way to do it has to be troubling news for Apple, which markets itself as the company that protects its users’ privacy and keeps them safe.

    Getting through Apple’s defense systems wasn’t easy, and it required the breeding ground of hundreds of millions of jailbroken Chinese iOS devices to get started.

    Researchers at Palo Alto Networks’ Unit 42 traced WireLurker to a third-party Mac application store in China called Maiyadi App Store. There it “trojanized” 467 OS X applications, according to a white paper published Wednesday, and those apps were downloaded more than 356,104 times. In all, hundreds of thousands of users may have been affected.

    To download the infected apps, users would have had to change the security settings on their Macs and ignore several pop-up warnings.

    But once installed, the apps could make the leap to devices that followed all the rules.

    From Palo Alto Networks’ press release:

    “WireLurker monitors any iOS device connected via USB with an infected OS X computer and installs downloaded third-party applications or automatically generated malicious applications onto the device, regardless of whether it is jailbroken. This is the reason we call it ‘wire lurker’…

    “WireLurker is capable of stealing a variety of information from the mobile devices it infects and regularly requests updates from the attackers’ command and control server. This malware is under active development and its creator’s ultimate goal is not yet clear.”
