惡意軟體瞄準中國蘋果裝置使用者

Researchers at a Silicon Valley security company said on Wednesday that they had found a new manner in which hackers can infect Apple products.

週三，矽谷(Silicon Valley)一家安全公司的研究人員表示，他們發現了一種黑客攻擊蘋果(Apple)產品的新方式。

The company, Palo Alto Networks, reported that it had uncovered a malware campaign called WireLurker targeting Apple mobile and desktop users and said it was “the biggest in scale we have ever seen.”

帕洛阿爾託網路公司(Palo Alto Network)報告稱，該公司發現了一種名為WireLurker的針對蘋果移動裝置及臺式電腦的惡意軟體，並稱“這是我們見過的規模最大的惡意軟體”。

Though the malware — malicious software designed to cause damage or steal information — is aimed at users in China and can be avoided, the campaign demonstrates new ways that attackers are targeting Apple iOS mobile devices.

雖然這款惡意軟體——旨在造成損害或盜取資訊的軟體——針對的是中國的使用者，而且能夠避免，但此次行動展示了攻擊者侵襲裝有蘋果iOS系統的移動裝置的新方式。

The security company, based in Santa Clara, Calif., said that WireLurker had infected more than 400 applications designed for Apple’s Mac OS X operating system through the Maiyadi App Store, a third-party Mac application store in China. In the last six months, Palo Alto Networks said 467 infected applications were downloaded over 356,104 times and “may have impacted hundreds of thousands of users.”

這家位於加利福尼亞州聖克拉拉的安全公司表示，WireLurker已經通過麥芽地應用商店——中國的第三方Mac應用商店——感染了400多個適用於蘋果Mac OS X作業系統的應用。該公司稱，在過去六個月中，467個被感染的應用已被下載了356104次，“可能已經影響了數十萬使用者。”

The company said users’ iOS devices could also become infected if they connected their mobile device to their Macs through a USB wire. “WireLurker monitors any iOS device connected via USB with an infected OS X computer and installs downloaded third-party applications or automatically generated malicious applications onto the device, regardless of whether it is jailbroken,” Palo Alto Networks security researchers said. “This is the reason we call it ‘wire lurker.’”

該公司稱，使用者如果通過USB連線線將移動裝置與Mac電腦連線，使用者的iOS裝置也會受到感染。“任何iOS裝置只要通過USB連線到受感染的OS X電腦，並安裝下載的第三方應用程式，或自動在裝置上產生惡意應用程式，都會被WireLurker監控，不管裝置是否已經越獄，”該公司安全研究人員說。“因此我們稱之為‘wire lurker’（連線線中的潛藏者）。”

Typically, iOS users can download applications from third parties only if they have “jailbroken” their phones, or altered them to run software Apple has not authorized. With WireLurker, an infected application can reach a non-jailbroken phone from an infected Mac OS X system, which is why Palo Alto Network researchers say WireLurker represents a “new brand of threat to all iOS devices.”

iOS使用者通常只有將手機“越獄”——改變手機以執行未經蘋果授權的軟體，才能從第三方下載應用。被Wirelurker感染的應用能夠通過受感染的Mac OS X系統侵襲尚未破解的手機，因此帕洛阿爾託網路公司的研究人員稱，Wirelurker代表一種“針對所有iOS裝置的新威脅”。

Researchers say that once WireLurker is installed on a Mac, the malware listens for a USB connection to an iOS device and immediately infects it. Once infected, WireLurker’s creators can steal a victim’s address book, read iMessage text messages and regularly request updates from attackers’ command-and-control server. Though the creator’s ultimate goal is not yet clear, researchers say the malware is actively being updated.

研究人員稱，一旦WireLurker被安裝到Mac電腦上，這款惡意軟體就會等待使用者通過USB連線iOS裝置，然後立即感染該裝置。一旦被感染，WireLurker的製造者就能竊取受害人的通訊簿、讀取iMessage中的簡訊並定期從攻擊者的指揮控制伺服器發出更新請求。儘管尚不清楚製造者的最終目的，但研究人員稱，有人正在積極更新該惡意軟體。

“They are still preparing for an eventual attack,” said Ryan Olson, the director of threat intelligence at Palo Alto Networks. “Even though this is the first time this is happening, it demonstrates to a lot of attackers that this is a method that can be used to crack through the hard shell that Apple has built around its iOS devices.”

“他們還在為最後的攻擊做準備，”該公司威脅情報事務負責人瑞安·奧爾森(Ryan Olson)說。“儘管這種事情是第一次發生，但它向大量攻擊者表明，這種方式可以用來擊破蘋果圍繞其iOS裝置構建起的堅硬外殼。”

Mr. Olson said Palo Alto Networks had alerted Apple to its findings, though an Apple spokesman declined to comment on their reports.

奧爾森稱帕洛阿爾託網路公司已經警告蘋果注意相關發現，但蘋果的一名發言人拒絕就該公司的報告發表評論。

The firm’s advice to Mac and iOS users is to avoid downloading Mac applications or games from any third-party app store, download site or untrusted source, or connecting an iOS device to any untrusted accessories or computers. They also advise users to keep iOS software up to date.

該公司給Mac電腦和iOS使用者的建議是，避免下載任何來自第三方應用商店、下載網站或不受信任的來源的Mac應用或遊戲，並避免將iOS裝置與任何不受信任的配件或電腦連線。他們還建議使用者持續更新iOS軟體。

Separately, last Friday a researcher in Sweden announced that he had uncovered a serious new vulnerability in Yosemite, Apple’s latest OS X operating system. The researcher, Emil Kvarnhammar, said the vulnerability, which he calls “Rootpipe,” allows attackers to gain “root access,”or full administrative control, of a victim’s Mac, allowing them to steal information or run programs of their own.

此外，瑞士一名研究人員上週五宣佈，在蘋果最新的OS X作業系統Yosemite中新發現了一個嚴重的漏洞。這位名叫埃米爾·誇恩哈馬爾(Emil Kvarnhammar)的研究人員表示，被他稱作“Rootpipe”的這個漏洞能讓攻擊者獲取受害者Mac的“根許可權”，即完全的管理控制權，以竊取資訊或執行攻擊者自己的程式。

To date, there is no evidence that the vulnerability has actually been exploited and here, too, it would be difficult for the average Mac user to stumble upon. For hackers to gain control of a Mac, the victim would need to ignore every OS X pop-up security warning.

迄今為止，尚沒有證據表明已經有人利用了這個漏洞，並且普通Mac使用者也很難遇到。因為黑客要想控制Mac，受害者必須要忽略OS X彈出的所有安全警告。

Apple is currently patching the Rootpipe vulnerability, but it is not clear when the patch will be completed.

蘋果正在修補Rootpipe漏洞，但尚不清楚修補工作何時完成。