Two new attacks have been revealed in the past week that can affect Mac computers, iPhones, and iPads. Like a certain virus that’s recently gripped the nation, they can infect without making themselves known until it’s almost too late. Here’s what you need to know to stay clean.
WHAT ARE THEY?
Masque Attack replaces legitimate apps on your iPhone/iPad, such as Facebook, Google Maps, or The Weather Channel. It works by attracting users to install apps outside of the official App Store, by following a link in a text message or email. These app replacements contain malicious code that can track your personal information.
WireLurker actively watches for any iPhone/iPad connected to an infected Mac, and installs and downloads third-party apps to the device without your permission. Macs can become infected by installing apps from untrusted sources. The apps installed to your iPhone or iPad also contain malicious code that can track personal information.
WHAT SHOULD I DO?
There are a few recommendations we have for avoiding these attacks. First and foremost, we advise that you only install software from trusted sources. We recommend installing apps downloaded from the App Store on your Mac, iPhone, or iPad.
If you absolutely need to install an app on your Mac that is not from a trusted source (i.e. NOT the App Store), you can allow the app to run by holding down the Control key, click the application icon, and choose “Open” from the context menu that appears. A popup will appear asking you to confirm the action. Click the “Open” button to continue.
We also recommend you avoid pairing your iPhone/iPad with unknown computers or sources. Only pair them with computers and devices that you trust. Additionally, we recommend using official Apple charging cables to charge and sync your devices.
Apple has released statements indicating that they’ve blocked the apps and have prevented them from launching on devices. By following our recommendations regularly, you will actively keep your computers and devices safe from malicious attacks.