The Hits Keep Coming To Apple's iOS

  • Published in Apps

Another bit of malware, named WireLurker, has been discovered targeting iPhones and iPads.

iPhones and iPads are infected when the device is connected by USB to a Mac on which an infected OS X app has been downloaded. The source of the infection is reported to be third-party OS X apps from the Maiyadi App Store in China, and for the time being most reports of infection are located in China. Apple devices are at risk whether or not they have been jailbroken.

Claud Xiao, a researcher at security firm Palo Alto Networks, has said this "heralds a new era in malware attacking Apple's desktop and mobile platform" and is "the biggest in scale we have ever seen."

The larger the Apple market share, the more attractive Apple becomes as a target for cyber criminals.

Palo Alto Networks says the infected WireLurker apps have been downloaded over 356,000 times to OS X computers; how many of those computers have since been connected by USB to an iPhone or iPad is unclear. Once a device is infected, the malware is capable of stealing "a variety of information" from it.

The recommendation is the same for iOS and Android: don't download from third-party app stores.

If nothing else, this malware is a proof of concept for malware and virus developers that Apple devices are not impenetrable.


Not A Good Week To Own A Mac

On the heels of the ShellShock (aka Bash) disclosure, which lists Mac OS X among the vulnerable operating systems, comes word that hackers are using Reddit to connect Macs to a botnet.

First, what is a botnet? A botnet is a collection of programs, interconnected via the Internet, that communicate with other similar programs in order to perform tasks. Once the program is installed on numerous computers, those copies depend on instructions from the command and control server they are connected to for the tasks to be performed. The command and control server can bring the machines together to create a spam bot, where they send unwanted or malicious emails, or to mount a DDoS (distributed denial of service) attack, often against a government body or corporation.

Cyber criminals have developed a piece of malware, dubbed Mac.BackDoor.iWorm, written in C++ and Lua, that opens a backdoor into Mac OS X machines. When the malware is launched it saves its configuration in a separate file and attempts to read the /Library directory, then uses system queries to determine the home directory of the Mac OS X account under which it is running, and writes the data it needs to keep operating into that file. Next, Mac.BackDoor.iWorm opens a port on the computer, sends a request to a remote site for a list of control servers, connects to those servers and waits for instructions.


Reddit comes into play because Mac.BackDoor.iWorm uses the search service at reddit.com to return results listing botnet C&C servers and ports, published by the cyber criminals in comments posted to minecraftserverlists under the account vtnhiaovyd. The malware, now a bot, picks a random server from the list and connects to it. When the bot successfully connects, it sends the number of the port it opened on the infected machine along with a unique ID for that machine, created as part of its configuration when it was installed.

The machine then waits for instructions from the command and control server. As of the latest reports there is no evidence that these bots have received any instructions. Information obtained by Doctor Web researchers showed that 17,658 computers had been infected by the malware and were part of the botnet as of September 26, 2014; a week later there are no available statistics on additional infected Macs. Of those infected, over a quarter are in the US.
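The dead-drop mechanism described above is also what gives defenders a handle on it: once the comment text used to publish the C&C list is in hand, the server:port pairs it contains can be matched against outbound connection records to find infected machines. The script below is an added illustration of that, not code from the original post, from Doctor Web, or from the malware itself. It assumes the list is published as plain ip:port pairs (an assumption; the post does not give the exact format), and every address, host name and flow record in it is constructed sample data using the RFC 5737 documentation ranges, not real indicators.

```python
import re
from collections import defaultdict

# Constructed sample: text in the style of a dead-drop comment that lists
# C&C endpoints as ip:port. Addresses are from the RFC 5737 documentation
# ranges and are NOT real indicators; the ip:port format is an assumption.
DEAD_DROP_COMMENT = """
top servers this week
192.0.2.10:5999
198.51.100.7:8443
also try 203.0.113.5:6000
bogus line 999.1.1.1:80 should be ignored
and 192.0.2.10:99999 is not a valid port
"""

# Constructed sample of outbound connection records from endpoint telemetry:
# (timestamp, source host, destination ip, destination port)
FLOWS = [
    ("2014-10-01T10:00:01", "mac-01", "192.0.2.10", 5999),
    ("2014-10-01T10:00:02", "mac-02", "203.0.113.99", 443),  # ordinary traffic
    ("2014-10-01T10:00:05", "mac-03", "203.0.113.5", 6000),
    ("2014-10-01T10:00:09", "mac-01", "198.51.100.7", 8443),
]

# Matches a dotted-quad followed by a colon and a port; octet and port
# ranges are validated separately because the regex only checks shape.
ENDPOINT_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3}):(\d{1,5})\b")


def _valid_ipv4(ip):
    return all(0 <= int(octet) <= 255 for octet in ip.split("."))


def extract_cnc_endpoints(text):
    """Return the set of (ip, port) pairs that are syntactically valid."""
    found = set()
    for ip, port in ENDPOINT_RE.findall(text):
        port = int(port)
        if _valid_ipv4(ip) and 1 <= port <= 65535:
            found.add((ip, port))
    return found


def find_infected_hosts(flows, endpoints):
    """Map each source host to the sorted list of C&C endpoints it reached."""
    hits = defaultdict(set)
    for _ts, src, dst, dport in flows:
        if (dst, dport) in endpoints:
            hits[src].add(f"{dst}:{dport}")
    return {src: sorted(eps) for src, eps in hits.items()}


if __name__ == "__main__":
    cnc = extract_cnc_endpoints(DEAD_DROP_COMMENT)
    for host, eps in find_infected_hosts(FLOWS, cnc).items():
        print(f"{host} contacted C&C endpoint(s): {', '.join(eps)}")
```

The same extracted set can be fed to an egress firewall or proxy as a blocklist; because the bot picks a random entry from the published list, blocking only one endpoint is not enough, so the whole set should be used.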

For anyone who continues to believe that Macs are safe from viruses and malware, let this week be a wake-up call. Previously Macs have been a less frequent target not because of their security but because of their smaller market share. The more Macs on the market, the more cyber criminals will target them.
