Santa Clara, Calif., November 5, 2014 – Palo Alto Networks® (NYSE: PANW), the leader in enterprise security, today announced discovery of a new family of Apple OS X and iOS malware exhibiting characteristics unseen in any previously documented threats targeting Apple platforms. This new family, dubbed WireLurker, marks a new era in malware across Apple’s desktop and mobile platforms, representing a potential threat to businesses, governments and Apple customers worldwide.

Among its defining characteristics, WireLurker represents:

  • The first known malware family that can infect installed iOS applications similar to how a traditional virus would
  • The first in-the-wild malware family that can install third-party applications on non-jailbroken iOS devices through enterprise provisioning
  • Only the second known malware family that attacks iOS devices through OS X via USB
  • The first malware family to automate generation of malicious iOS applications through binary file replacement

WireLurker malware was discovered by Claud Xiao of Unit 42, the Palo Alto Networks threat intelligence team, and detailed in a report released today, “WireLurker: A New Era in OS X and iOS Malware.”

Following its initial observation in the wild in June by a developer at Tencent, Palo Alto Networks researchers have determined WireLurker’s potential impact, assessed the methods available to prevent, detect, contain and remediate the threat, and detailed the protections available for Palo Alto Networks customers.

Palo Alto Networks has released signatures to detect all WireLurker Command & Control communication traffic. It is recommended that customers using OS X or iOS devices deploy a strict policy for blocking WireLurker traffic using the Palo Alto Networks enterprise security platform. A full list of system recommendations, remediation techniques and best practices is included in the WireLurker report.

 

QUOTE

  • “WireLurker is unlike anything we’ve ever seen in terms of Apple iOS and OS X malware. The techniques in use suggest that bad actors are getting more sophisticated when it comes to exploiting some of the world’s best-known desktop and mobile platforms. As such we have provided full protection to Palo Alto Networks customers and published a detailed report so others can assess the risk and take appropriate measures to protect themselves.”

– Ryan Olson, Intelligence Director, Unit 42, Palo Alto Networks

 


Upcoming Unit 42 Appearances

Unit 42, the Palo Alto Networks threat intelligence team, is made up of accomplished cybersecurity researchers and industry experts. Unit 42 gathers, researches and analyzes up-to-the-minute threat intelligence, sharing insights with Palo Alto Networks customers, partners and the broader community to better protect organizations. Unit 42 team leads regularly appear at industry conferences throughout the world. In November, Unit 42’s regular roadshow will make three stops in Canada:

 

ABOUT PALO ALTO NETWORKS

Palo Alto Networks is leading a new era in cybersecurity by protecting thousands of enterprise, government, and service provider networks from cyber threats.  Unlike fragmented legacy products, our security platform safely enables business operations and delivers protection based on what matters most in today's dynamic computing environments: applications, users, and content.  Find out more at www.paloaltonetworks.com.

Palo Alto Networks and the Palo Alto Networks Logo are trademarks of Palo Alto Networks, Inc. in the United States and in jurisdictions throughout the world. All other trademarks, trade names or service marks used or mentioned herein belong to their respective owners.

Media Contacts:
Jennifer Jasper-Smith
Head of Corporate Communications
Palo Alto Networks
408-638-3280
jjsmith@paloaltonetworks.com

Tim Whitman
Voce Communications
617-721-5994
twhitman@vocecomm.com

 

 


 
