Alleged Creators of WireLurker Malware Arrested in China

Three individuals suspected of being involved in the creation and distribution of a recently uncovered piece of malware referred to as “WireLurker” have been arrested and charged, the Beijing Municipal Bureau of Public Security said on Friday.
The suspects, identified by their surnames as Wang, Lee and Chen, were taken into custody on Thursday based on information provided to law enforcement authorities by the China-based security company Qihoo 360 Technology.

WireLurker, a threat designed to target devices running Mac OS X, iOS and Windows, was recently uncovered by Palo Alto Networks. The network security firm’s researchers identified a total of 467 malicious OS X apps which by mid-October had been downloaded by Chinese users over 350,000 times from an app store called Maiyadi. Cybercriminals distributed the threat by packaging it with popular games and applications.

After the malicious applications are installed on a Mac OS X device, the malware waits for victims to connect their iPhones or iPads to the infected machine via USB. WireLurker then installs malicious iOS applications capable of stealing sensitive information from infected devices. The threat could infect non-jailbroken devices since its authors signed the malicious iOS apps with enterprise certificates.

After Palo Alto Networks revealed the existence of WireLurker, Apple revoked these certificates in an effort to protect its customers. The security firm estimated that hundreds of thousands of users downloaded the malicious versions of the applications.
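The two paragraphs above describe the mechanism that let WireLurker reach non-jailbroken devices: the iOS payloads were signed under an enterprise (in-house) distribution certificate rather than passing through the App Store. A defender triaging a sideloaded app can tell these cases apart from the provisioning profile embedded in the app bundle. The following is an added example, not code from the article or from any of the vendors it quotes; it assumes the standard layout of an `embedded.mobileprovision` file (a CMS-signed container whose payload is an XML plist) and uses three constructed profiles rather than any real WireLurker artifact.

```python
import plistlib
import re


# Constructed samples (not real WireLurker artifacts). A real
# embedded.mobileprovision is a CMS/PKCS#7 blob whose signed payload is an
# XML plist, so each sample surrounds the plist with a few arbitrary bytes
# to stand in for the DER framing the parser has to skip over.
def _wrap(dict_body: str) -> bytes:
    head = ('<?xml version="1.0" encoding="UTF-8"?>\n'
            '<plist version="1.0">\n<dict>\n')
    tail = "</dict>\n</plist>"
    return b"\x30\x82\x0a\x00" + (head + dict_body + tail).encode() + b"\x00\xff"


# Enterprise (in-house) profiles carry ProvisionsAllDevices = true: any device
# that trusts the signing team may run the app, which is what made sideloading
# onto unmodified iPhones possible in the case described above.
ENTERPRISE_PROFILE = _wrap(
    "<key>Name</key><string>In-House Example</string>\n"
    "<key>TeamName</key><string>Example Corp (constructed)</string>\n"
    "<key>ProvisionsAllDevices</key><true/>\n"
)
# Ad hoc and development profiles instead list the specific device UDIDs they
# are valid for.
ADHOC_PROFILE = _wrap(
    "<key>Name</key><string>Ad Hoc Example</string>\n"
    "<key>TeamName</key><string>Example Corp (constructed)</string>\n"
    "<key>ProvisionedDevices</key><array>"
    "<string>00008030-CONSTRUCTED-UDID</string></array>\n"
)
# A profile with neither key is the App Store distribution kind.
APPSTORE_PROFILE = _wrap(
    "<key>Name</key><string>App Store Example</string>\n"
    "<key>TeamName</key><string>Example Corp (constructed)</string>\n"
)


def extract_plist(blob: bytes) -> dict:
    """Locate the XML plist inside the signed container and parse it."""
    match = re.search(rb"<\?xml.*?</plist>", blob, re.DOTALL)
    if not match:
        raise ValueError("no plist payload found in provisioning profile")
    return plistlib.loads(match.group(0))


def classify_profile(blob: bytes) -> str:
    """Return 'enterprise', 'device-limited' or 'app-store' for a profile."""
    info = extract_plist(blob)
    if info.get("ProvisionsAllDevices"):
        return "enterprise"
    if "ProvisionedDevices" in info:
        return "device-limited"
    return "app-store"


def summarize_profile(blob: bytes) -> dict:
    """Fields an analyst wants in a triage record for a sideloaded app."""
    info = extract_plist(blob)
    return {
        "name": info.get("Name"),
        "team": info.get("TeamName"),
        "kind": classify_profile(blob),
        "device_count": len(info.get("ProvisionedDevices", [])),
    }


if __name__ == "__main__":
    for label, blob in (("enterprise", ENTERPRISE_PROFILE),
                        ("ad hoc", ADHOC_PROFILE),
                        ("app store", APPSTORE_PROFILE)):
        print(label, summarize_profile(blob))
```

Two practical notes. Apps installed from the App Store are signed by Apple and ship without an `embedded.mobileprovision` at all, so the file's presence is itself a sign the app arrived by another route; an enterprise profile on a device that is not managed by the organisation named in `TeamName` is the case worth flagging. This check also does not replace verifying the CMS signature and checking the certificate against revocation, which is the control Apple applied here.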

According to Chinese authorities, the suspects conspired to develop the malware for illegal profits. The website used to distribute the malware has been shut down, the Beijing Municipal Bureau of Public Security said in a statement published on its Sina Weibo account. Researchers have found evidence connecting the Maiyadi app store to the creators of the malware.

Initially, Palo Alto researchers only discovered the iOS and OS X versions of WireLurker, but AlienVault’s Jaime Blasco also identified a less successful Windows version of the threat.

“Wirelurker introduces a new threat vector in a place that was thought to be secure. The concept of using trojan software to download new threats is not new, that is something that has been in practice for many years. However, up to this point the software on iOS devices has been considered secure since the only software on the device would come through the heavily vetted Apple App Store,” Mark Parker, senior product manager at iSheriff, told SecurityWeek.

“By using the workstation’s USB connection as an avenue to surreptitiously install the Trojan applications, the protection afforded by the App Store is leapfrogged in an effective manner. Since it has shown success, there is sure to be more advancement and copycats.”

Related: Feedback Friday: WireLurker Malware Targets Mac OS X, iOS – Industry Reactions

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
