Malware Targets Apple Device Users in China
Researchers at a Silicon Valley security company said on Wednesday that they had found a new manner in which hackers can infect Apple products.
The company, Palo Alto Networks, reported that it had uncovered a malware campaign called WireLurker targeting Apple mobile and desktop users and said it was “the biggest in scale we have ever seen.”
Though the malware — malicious software designed to cause damage or steal information — is aimed at users in China and can be avoided, the campaign demonstrates new ways that attackers are targeting Apple iOS mobile devices.
The security company, based in Santa Clara, Calif., said that WireLurker had infected more than 400 applications designed for Apple’s Mac OS X operating system through the Maiyadi App Store, a third-party Mac application store in China. Palo Alto Networks said that in the last six months, 467 infected applications were downloaded over 356,104 times and “may have impacted hundreds of thousands of users.”
The company said users’ iOS devices could also become infected if they connected their mobile device to their Macs through a USB wire. “WireLurker monitors any iOS device connected via USB with an infected OS X computer and installs downloaded third-party applications or automatically generated malicious applications onto the device, regardless of whether it is jailbroken,” Palo Alto Networks security researchers said. “This is the reason we call it ‘wire lurker.’”
Typically, iOS users can download applications from third parties only if they have “jailbroken” their phones, or altered them to run software Apple has not authorized. With WireLurker, an infected application can reach a non-jailbroken phone from an infected Mac OS X system, which is why Palo Alto Networks researchers say WireLurker represents a “new brand of threat to all iOS devices.”
Researchers say that once WireLurker is installed on a Mac, the malware listens for a USB connection to an iOS device and immediately infects it. Once a device is infected, WireLurker’s creators can steal a victim’s address book and read iMessage text messages, and the malware regularly requests updates from the attackers’ command-and-control server. Though the creator’s ultimate goal is not yet clear, researchers say the malware is actively being updated.
“They are still preparing for an eventual attack,” said Ryan Olson, the director of threat intelligence at Palo Alto Networks. “Even though this is the first time this is happening, it demonstrates to a lot of attackers that this is a method that can be used to crack through the hard shell that Apple has built around its iOS devices.”
Mr. Olson said Palo Alto Networks had alerted Apple to its findings, though an Apple spokesman declined to comment on their reports.
The firm’s advice to Mac and iOS users is to avoid downloading Mac applications or games from any third-party app store, download site or untrusted source, or connecting an iOS device to any untrusted accessories or computers. They also advise users to keep iOS software up to date.
Separately, last Friday a researcher in Sweden announced that he had uncovered a serious new vulnerability in Yosemite, Apple’s latest OS X operating system. The researcher, Emil Kvarnhammar, said the vulnerability, which he calls “Rootpipe,” allows attackers to gain “root access,” or full administrative control, of a victim’s Mac, allowing them to steal information or run programs of their own.