A new malware specifically targeting Apple products has been discovered.
The malicious software is called "WireLurker" and cybersecurity software maker Palo Alto Networks uncovered it, describing it as "the biggest in scale we have ever seen."
"WireLurker monitors any iOS device connected via USB with an infected OS X computer and installs downloaded third-party applications or automatically generated malicious applications onto the device, regardless of whether it is jailbroken," said Palo Alto Networks in a statement. "This is the reason we call it 'wire lurker.' "
Essentially, the malware sits on a computer and waits until a user plugs in their iPhone, giving the hackers access to all of the user's data on that phone. Reportedly the malware has not yet been used to exploit anyone's data, but possibly left on a user's phone to prepare for an attack in the future.
"WireLurker is capable of stealing a variety of information from the mobile devices it infects and regularly requests updates from the attacker's command and control server," continued Palo Alto Networks. "This malware is under active development and its creator's ultimate goal is not yet clear."
The malware is currently only being used to target users in China, however that does not negate the fact that it could eventually make its way to the U.S.
Palo Alto Networks said Tencent Holdings Ltd. first noted the threat in June, after which info about threats started popping up on Apple forums.
Previously, iOS devices could really only be exploited if a user had "jailbroken" their device, or altered the software on the phone to run apps that Apple has not authorized. Now any iOS device is at risk. Apple is reportedly working on a fix, though it has not said when a patch will be released.
'"We are aware of malicious software available from a download site aimed at users in China, and we've blocked the identified apps to prevent them from launching. As always, we recommend that users download and install software from trusted sources," said Apple in a statement.
To avoid being attacked, users should avoid downloading apps that are not on the App Store. They should also avoid connecting their device to any untrusted computer and keep their operating system up to date.
Apple has had a rough week in terms of user security. A Swedish researcher recently found a flaw in Apple's OS X 10.10 Yosemite, which is called "Rootpipe" and allows hackers to gain full access to a victim's computer.