Three individuals suspected of being involved in the creation and distribution of a recently uncovered piece of malware referred to as “WireLurker” have been arrested and charged, the Beijing Municipal Bureau of Public Security said on Friday.
The suspects, identified by their surnames as Wang, Lee and Chen, were taken into custody on Thursday based on information provided to law enforcement authorities by the China-based security company Qihoo 360 Technology.
WireLurker, a threat designed to target devices running Mac OS X, iOS and Windows, was recently uncovered by Palo Alto Networks. The network security firm’s researchers identified a total of 467 malicious OS X apps which by mid-October had been downloaded by Chinese users over 350,000 times from an app store called Maiyadi. Cybercriminals distributed the threat by packaging it with popular games and applications.
After the malicious applications are installed on a Mac OS X device, the malware waits for victims to connect their iPhones or iPads to the infected machine via USB. WireLurker then installs malicious iOS applications capable of stealing sensitive information from infected devices. The threat could infect non-jailbroken devices since its authors signed the malicious iOS apps with enterprise certificates.
After Palo Alto Networks revealed the existence of WireLurker, Apple revoked these certificates in an effort to protect its customers. The security firm estimated that hundreds of thousands of users downloaded the malicious versions of the applications.
According to Chinese authorities, the suspects conspired to develop the malware for illegal profits. The website used to distribute the malware has been shut down, the Beijing Municipal Bureau of Public Security said in a statement published on its Sina Weibo account. Researchers have found evidence connecting the Maiyadi app store to the creators of the malware.
Initially, Palo Alto Networks researchers discovered only the iOS and OS X versions of WireLurker, but AlienVault’s Jaime Blasco later identified a less successful Windows version of the threat.
“Wirelurker introduces a new threat vector in a place that was thought to be secure. The concept of using trojan software to download new threats is not new, that is something that has been in practice for many years. However, up to this point the software on iOS devices has been considered secure since the only software on the device would come through the heavily vetted Apple App Store,” Mark Parker, senior product manager at iSheriff, told SecurityWeek.
“By using the workstation’s USB connection as an avenue to surreptitiously install the Trojan applications, the protection afforded by the App Store is leap frogged in an effective manner. Since it has shown success, there is sure to be more advancement and copycats.”
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.