An Apple worm?

REWahoo

Yikes! Is nothing sacred any more? :)

A new, ugly malware threat could be lurking for millions of Apple Inc. customers.

The new family of malware, dubbed WireLurker, has been discovered by Palo Alto Networks Inc., which said it shows “characteristics unseen in any previously documented threats targeting Apple platforms.”
800 million Apple devices threatened by WireLurker malware
 
In a nutshell, this worm "crawls" from an infected Apple computer to an iPhone when the two are connected via USB.

As I have an old iPhone but no Apple computer, this does not affect me.

Oh wait! My iPhone is not even turned on most of the time. I am completely safe.
 
Be careful about buying or downloading Macintosh applications from the Maiyadi App Store, a third-party Mac application store in China.

Apple has added a signature to the download inspector, Gatekeeper, to recognize the 'iWorm/WireLurker' installer hidden in these apps and block it from running.

If you see an alert like this, Gatekeeper has spotted Something Bad that you really shouldn't try to run:
[Attached image: malware_example.png]


If you have previously installed applications from the Maiyadi App Store, your system may be affected.

The most obvious symptom will be the appearance of strange apps on your iOS device that you have not purchased.

More details are available in the Palo Alto Networks report on WireLurker:
https://www.paloaltonetworks.com/co...ets/pdf/reports/Unit_42/unit42-wirelurker.pdf
 
Thanks for the heads up! This is why I stay away from apps (games, etc.) as much as possible.
 
Update: WireLurker C&C network shut down

The WireLurker command and control infrastructure has been shut down, and the Apple digital certificate that was used to sign the code has been revoked, removing the ability to infect non-jailbroken iOS devices.
 
Reviving this, as I wanted to check my notes before commenting, and I just found them:

DD recently told me she was having problems with her MacBook Pro: her browsers had underlines for all the text which linked to ads, and ads would pop up and open new windows, and take over her home page. Not good.

She said it seemed to happen after she downloaded some Adobe software she needed for a school project - but.... she didn't remember where she downloaded it from. So I suspect that was a scam site, and told her to always go directly to the source (Adobe in this case), and download it from their site.

So some googling, and I find references to "Trovi adware".

How to remove Trovi adware from Mac

It basically involved resetting the browser and doing a bunch of searches to find and remove files with some of the names they list. Fixed it.

-ERD50
 