
New iOS malware spreads through infected desktop software

iPhone users are usually considered safe from malware, but a new report from Palo Alto Networks suggests that reputation may be about to change. Palo Alto’s researchers have discovered a piece of malware called Wirelurker, which the company says may have already impacted hundreds of thousands of users. The malware is primarily spreading through the Maiyadi App Store, a third-party source for OS X software in China, and researchers estimated the infected apps have been downloaded 356,104 times already. Once the computer is infected, Wirelurker spreads to iOS devices that connect over USB, rewriting existing programs on the device through binary file replacement. It’s the first such malware that can infect iPhones that haven’t been jailbroken, using the rarely examined enterprise provisioning system, which is intended to allow large companies to deploy software without going through the App Store approval process.

Ironically, once Wirelurker gains access to a non-jailbroken iPhone, the program simply side-loads a non-malicious comic book app onto the phone, using a forged enterprise provisioning certificate. Palo Alto researchers suspect it’s a test payload to ensure the system works before moving on to more profitable ends. For jailbroken phones, the malware rewrites the TaoBao and AliPay apps (Alibaba’s applications for auctions and payments, respectively) so as to harvest payment information.

But even with its current limitations, the malware represents the first serious compromise of iOS security, and presents security researchers with a number of novel attack vectors that must now be secured. Palo Alto Networks has already developed software that will let users test for the malware, but in the meantime, they recommend users avoid third-party app stores and avoid using USB-based chargers from unknown sources. “This malware is under active development,” the report says, “and its creator’s ultimate goal is not yet clear.”

11/5 9:47pm ET: Updated with more information on the Wirelurker payload
