Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

Chinese sites hosting 'Wirelurker' Mac-to-iOS malware taken down, suspects arrested

Last updated

A Beijing government agency on Monday announced the arrest of three suspects thought to be behind the so-called "WireLurker" trojan targeting Mac and iOS devices, saying websites hosting the malware have been shut down.

In a post to Chinese microblogging site Sina Weibo, the Beijing Municipal Public Security Bureau said it identified and subsequently closed down "WireLurker" operations last Friday. Three suspects were taken into custody under charges of conspiring to use the malware to illegal profits. The news was first spotted by ZDNet.

Detailed in a paper from security research firm Palo Alto Networks earlier this month, WireLurker is a specialized piece of malware that inserts itself onto a Mac running OS X, then jumps to iOS devices over USB. Unlike past attacks, WireLurker is capable of affecting non-jailbroken hardware. The program has reportedly been in the wild for past six months in China.

Taking advantage of an app provisioning vulnerability, WireLurker lays dormant on a user's computer in an infected OS X app. The malware monitors for new iOS devices and installs malicious apps downloaded from an off-site server or generated autonomously on-device. From there, the program can access user information like contacts, read iMessages and perform other functions determined by the command-and-control server.

As noted by AppleInsider, WireLurker is only a threat to users who disable Apple's default security measures, as the enterprise provisioning certificates used in the attack were blocked by Apple shortly after discovery.

With Apple's global smartphone marketshare continues to rise, so do the number of attempts to surreptitiously harvest data from unsuspecting consumers. A week after WireLurker popped up on the radar, another piece of malware dubbed "Masque Attack" was discovered. Masque Attack also takes advantage of Apple's app provisioning system to install nefarious software on iOS devices, but is unique in that it replicates existing apps to trick users into handing over sensitive information.