Update: Apple confirmed the security issue in a statement provided to iMore. Apple has also revoked the certificate to prevent the apps from being installed on new devices.
The New York Times reports that a security firm called Palo Alto Networks has uncovered a new form of Apple-focused malware that is capable of infecting non-jailbroken iOS devices. Typically when such software pops up, as it does from time to time, one of the key factors that allows the malicious code to run on iOS is whether the device is jailbroken. The new “WireLurker” malware, however, is installed on the mobile device over USB by an infected Mac.
These infected Mac apps are reportedly coming from the Maiyadi App Store, a third-party software storefront operated in China. Palo Alto Networks says over 400 apps in the store are affected and have been downloaded over 356,000 times in total, potentially resulting in hundreds of thousands of infected devices.
What exactly can WireLurker do once it’s on your iOS device? A better question might be “what can’t it do?” Palo Alto Networks says that the software can access and steal a user’s address book, read their iMessages, and download updates to itself in the background, allowing it to be upgraded with new capabilities without the user ever having to do anything.
Even though the malware seems to be coming mostly from Chinese sources, the company says the best way for all users to avoid getting infected by this type of software is to download Mac applications only from trusted sources like the Mac App Store. Palo Alto Networks also said that it has reported this issue to Apple.