TECH

iOS Experts Worried By Fake App Store's Malware

HONG KONG - SEPTEMBER 19:  Customer looks at the new iPhones on display at the launch of the new Apple iPhone 6 and iphone 6
HONG KONG - SEPTEMBER 19: Customer looks at the new iPhones on display at the launch of the new Apple iPhone 6 and iphone 6 plus at the Apple IFC store on September 19, 2014 in Hong Kong, China. On September 19, Apple's new products, iPhone 6 and iPhone 6 Plus, with iOS 8 featuring 4.7-inch and 5.5-inch displays, have become available in the US, Australia, Canada, France, Germany, Hong Kong, Japan, Puerto Rico, Singapore and the UK, and will be available in more than 20 additional countries beginning on September 26.(Photo by Lam Yik Fei/Getty Images)

Apple's iOS devices have generally been relatively safe from malware threats in the past. But you might want to watch what you plug your iPhone into from now on: New reports say a malicious software called WireLurker is able to infest iOS devices.

While you're probably safe from this specific virus, the way it attacks iPhones and iPads has experts worried.

WireLurker itself is rooted in third-party, Chinese Mac OS X app stores, according to CNET. People sometimes download these "stores" to access unofficial apps, since they're basically home-brewed versions of the App Store that aren't tied down to Apple's approval or standards.

For now, average U.S. users who avoid unvalidated apps and software shouldn't have an issue with WireLurker. But experts say the case is the first-known example of malware that can infect installed apps like a "traditional virus," even on devices that aren't jailbroken -- setting a troubling precedent of malicious software worming its way onto phones that users haven't necessarily altered in an unsafe way.

WireLurker is designed to "steal a variety of information" from users, according to security firm Palo Alto Networks. It gains access to iOS devices after they're plugged into a computer via a USB cable. Palo Alto Networks notes that WireLurker's "creator’s ultimate goal is not yet clear." It's been downloaded over 356,000 times.

In an email, an Apple spokesperson told The Huffington Post that the problem is under control so long as users exercise common sense when downloading apps.

"We are aware of malicious software available from a download site aimed at users in China, and we’ve blocked the identified apps to prevent them from launching," the spokesperson wrote. "As always, we recommend that users download and install software from trusted sources."

Kevin Mahaffey, co-founder of Lookout, a security technology service, said WireLurker may represent a dangerous new trend in malware.

"What's interesting here is that malware attacked a PC in order to gain access to a mobile device, not to attack the PC -- yet another sign that mobile is becoming the dominant computing platform," said Mahaffey in a statement provided via email by a Lookout representative.

For years, conventional wisdom has held that Android devices are much more susceptible to malware than iOS devices. Android devices accounted for 84 percent of the global smartphone market in the third quarter of 2014, according to the research firm Strategy Analytics, and the Guardian reported that 98 percent of mobile malware in 2013 targeted Android devices.

"Now, as the number of iOS devices has grown, especially in geographies where malware tends to originate, iPhones and iPads have become attractive attack targets as well," Mahaffey said. The Guardian reported in February that iOS had a number of security holes and vulnerabilities that Apple appeared slow to fix.

For now, iOS and Android users alike can follow the same advice: Only install apps from trusted sources -- on both your smartphone and your computer.

CONVERSATIONS