Apple has blocked a new family of malicious software from a download site in China targeting iOS users.

Reuters reported that the attack was only able to collect messaging IDs and contacts. But a representative from Palo Alto Networks, a network security company, said the attackers could have gone after Apple IDs.

Palo Alto Networks said in a research paper Wednesday it found a new family of malware it calls WireLurker that can install third-party apps on Macs. It then waits until the user connects to an iPhone or iPad to steal data from the device. The indirect attack via a Mac appears to be the first that can infect an iPhone like a computer virus.

Greatfire.org said on 20 October that China-based hackers launched a countrywide man-in-the-middle attack on Apple’s iCloud service in China. The attack was said to be similar to those against Google and Yahoo in the past.

Palo Alto confirmed that the malware came from a Chinese third-party apps store for Mac computers and the attack was limited to China. The company estimates more than 450 infected apps were downloaded 356,000 times, the Wall Street Journal said.

Last month, in response to government pressure to improve security of customer data, Apple started hosting mainland users’ data on its iCloud service on China Telecom servers.

Two weeks ago smartphone maker Xiaomi said it would move non-Chinese user data from China-based servers to Amazon servers in the US and data centres in Singapore. The company said the move was driven by performance and privacy issues.