
Wirelurker

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by AdagioRibbit (talk | contribs) at 16:40, 22 June 2016 (Add category iOS malware). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

WireLurker is a family of malware targeting both Mac OS and iOS systems.[1] The malware was designed to target users in China who use Apple mobile and desktop devices.[2] It was suspected of infecting thousands of Chinese mobile devices.[3] The security firm Palo Alto Networks is credited with uncovering the malware.[1]

How it works

WireLurker monitors any iOS device connected via USB to an infected OS X computer and installs downloaded third-party applications or automatically generated malicious applications onto the device. WireLurker can infect a device regardless of whether it is jailbroken or not. WireLurker is a complex form of malware that utilizes techniques such as file hiding, code obfuscation and encryption. WireLurker is capable of stealing a variety of information from the mobile devices it infects and regularly requests updates from the attackers' command and control server.[1]

Arrests

Three individuals in China were arrested on suspicion of creating and distributing the WireLurker malware. The suspects, identified only by their surnames as Wang, Lee and Chen, were taken into custody on Thursday, November 13, 2014. Chinese authorities believe the suspects created the malware for financial gain.[4]

Protection

Several steps can be taken in order to protect yourself from WireLurker and other malware.

  • Do not install software or applications from unknown or unreliable sources.
  • Make sure that System Preferences on your Mac are set to: ‘Allow apps downloaded from: Mac App Store and identified developers’.
  • Keep your security software up to date on your Mac or desktop.
  • Keep your iOS software up to date on your mobile device.
  • Do not connect your mobile device to unknown computers.[5]

References

  1. Xiao, Claud. "WireLurker: A New Era in OS X and iOS Malware". http://researchcenter.paloaltonetworks.com.
  2. Perlroth, Nicole. "Malicious Software Campaign Targets Apple Users in China". http://bits.blogs.nytimes.com.
  3. Clover, Juli. "Chinese Authorities Shut Down WireLurker Distribution Site, Arrest Suspects Involved". http://www.macrumors.com.
  4. Kovacs, Eduard. "Alleged Creators of WireLurker Malware Arrested in China". http://www.securityweek.com/.
  5. "Norton - WireLurker". https://community.norton.com.