Identified by security researchers at Palo Alto Networks on Wednesday, the malware has been spotted shipping alongside pirated copies of Chinese Mac apps, before jumping to iPhones and iPads over a USB cable.
Apple says that it is “aware of malicious software available from a download site aimed at users in China, and we’ve blocked the identified apps to prevent them from launching.”
The company did not elaborate on how it is carrying out the blocking, but did emphasise that “as always, we recommend that users download and install software from trusted sources”.
The infected apps were discovered on the Maiyadi App Store, a third-party application store based in China which is largely filled with pirated and unauthorised copies of major apps, such as Dropbox, Spideroak and Autodesk.
WireLurker works by abusing capabilities in Apple’s operating systems designed to enable large enterprises to install their own applications on employees’ devices. That enables the malware not only to scrape data from affected users’ iOS devices, but even to install third-party applications on those devices and infect installed applications.
It is the first in-the-wild malware family that can do this, and only the second ever that attacks iOS devices through OS X via USB.
A second Apple vulnerability disclosed this week, known as Rootpipe, remains unpatched. The researcher who discovered it has not revealed how the vulnerability, which lets attackers gain root privileges without entering a password, can be abused, and says he is waiting for Apple to issue a patch.