Wirelurker

WireLurker is a family of malware targeting both macOS and iOS systems.^[1] The malware was designed to target users in China that use Apple mobile and desktop devices.^[2] The malware was suspected of infecting thousands of Chinese mobile devices.^[3] The security firm Palo Alto Networks is credited with uncovering the malware.^[1]

How it works[edit]

WireLurker monitors any iOS device connected via USB with an infected macOS computer and installs downloaded third-party applications or automatically generated malicious applications onto the device. WireLurker can infect a device regardless of whether it is jailbroken or not. WireLurker is a complex form of malware that utilizes techniques such as file hiding, code obfuscation and encryption. WireLurker is capable of stealing a variety of information from the mobile devices it infects and regularly requests updates from the attackers command and control server.^[1]

Arrests[edit]

Three individuals in China were arrested for the suspicion of creating and distributing the WireLurker malware. The suspects, identified only by their surnames as Wang, Lee and Chen were taken into custody on Thursday November 13, 2014. Chinese authorities believe the suspects created the malware for financial gains.^[4]

Protection[edit]

Several steps can be taken in order to protect yourself from WireLurker and other malware.

Do not install software or applications from unknown or unreliable sources.
Make sure that System Preferences on your Mac are set to: ‘Allow apps downloaded from: Mac App Store and identified developers’.
Keep your security software up to date on your Mac or desktop.
Keep your iOS software up to date on your mobile device.
Do not connect your mobile device to unknown computers.^[5]

References[edit]

^ ^a ^b ^c Xiao, Claud (5 November 2014). "WireLurker: A New Era in OS X and iOS Malware". researchcenter.paloaltonetworks.com.
^ Perlroth, Nicole (5 November 2014). "Malicious Software Campaign Targets Apple Users in China". bits.blogs.nytimes.com.
^ Clover, Juli (17 November 2014). "Chinese Authorities Shut Down WireLurker Distribution Site, Arrest Suspects Involved". www.macrumors.com.
^ Kovacs, Eduard (17 November 2014). "Alleged Creators of WireLurker Malware Arrested in China". www.securityweek.com/.
^ "Norton - WireLurker". community.norton.com. 7 November 2014.

External links[edit]

Palo Alto Networks Research Center

[Xiao-1] Xiao, Claud (5 November 2014). "WireLurker: A New Era in OS X and iOS Malware". researchcenter.paloaltonetworks.com.

[Perlroth-2] Perlroth, Nicole (5 November 2014). "Malicious Software Campaign Targets Apple Users in China". bits.blogs.nytimes.com.

[Clover-3] Clover, Juli (17 November 2014). "Chinese Authorities Shut Down WireLurker Distribution Site, Arrest Suspects Involved". www.macrumors.com.

[Kovacs-4] Kovacs, Eduard (17 November 2014). "Alleged Creators of WireLurker Malware Arrested in China". www.securityweek.com/.

[Norton-5] "Norton - WireLurker". community.norton.com. 7 November 2014.

[1]

[2]

[3]

[4]

[5]