
Alleged Creators of WireLurker Malware Arrested in China

Three individuals suspected of being involved in the creation and distribution of a recently uncovered piece of malware referred to as “WireLurker” have been arrested and charged, the Beijing Municipal Bureau of Public Security said on Friday.

The suspects, identified by their surnames as Wang, Lee and Chen, were taken into custody on Thursday based on information provided to law enforcement authorities by the China-based security company Qihoo 360 Technology.

WireLurker, a threat designed to target devices running Mac OS X, iOS and Windows, was recently uncovered by Palo Alto Networks. The network security firm’s researchers identified a total of 467 malicious OS X apps that, by mid-October, had been downloaded by Chinese users over 350,000 times from an app store called Maiyadi. Cybercriminals distributed the threat by packaging it with popular games and applications.

After the malicious applications are installed on a Mac OS X device, the malware waits for victims to connect their iPhones or iPads to the infected machine via USB. WireLurker then installs malicious iOS applications capable of stealing sensitive information from infected devices. The threat could infect non-jailbroken devices because its authors signed the malicious iOS apps with enterprise certificates, which allow apps to be installed without going through the App Store.

After Palo Alto Networks revealed the existence of WireLurker, Apple revoked these certificates in an effort to protect its customers. The security firm estimated that hundreds of thousands of users downloaded the malicious versions of the applications.

According to Chinese authorities, the suspects conspired to develop the malware for illegal profits. The website used to distribute the malware has been shut down, the Beijing Municipal Bureau of Public Security said in a statement published on its Sina Weibo account. Researchers have found evidence connecting the Maiyadi app store to the creators of the malware.

Initially, Palo Alto researchers only discovered the iOS and OS X versions of WireLurker, but AlienVault’s Jaime Blasco also identified a less successful Windows version of the threat.

“WireLurker introduces a new threat vector in a place that was thought to be secure. The concept of using trojan software to download new threats is not new; that is something that has been in practice for many years. However, up to this point the software on iOS devices has been considered secure since the only software on the device would come through the heavily vetted Apple App Store,” Mark Parker, senior product manager at iSheriff, told SecurityWeek.

“By using the workstation’s USB connection as an avenue to surreptitiously install the Trojan applications, the protection afforded by the App Store is leapfrogged in an effective manner. Since it has shown success, there is sure to be more advancement and copycats.”

Related: Feedback Friday: WireLurker Malware Targets Mac OS X, iOS – Industry Reactions

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
