New ‘WireLurker’ Malware Targets Non-Jailbroken iOS and OS X Users in China [u]


New malware dubbed ‘WireLurker’ has been discovered by security company Palo Alto Networks (via the New York Times), targeting iOS and OS X users in China.

Screenshot 2014 11 05 23 22 42

Palo Alto Networks says the malware was infecting users via the Maiyadi App Store, a source of third party apps for Mac users in China. Over the past six months, 467 apps have been infected, seeing 356,104 downloads, therefore impacting possibly hundreds of thousands of users.

Here are the five key points of ‘WireLurker’ noted by the security firm, which can affect non-jailbroken iOS devices via an infected Mac’s USB:

  • Of known malware families distributed through trojanized / repackaged OS X applications, it is the biggest in scale we have ever seen
  • It is only the second known malware family that attacks iOS devices through OS X via USB
  • It is the first malware to automate generation of malicious iOS applications, through binary file replacement
  • It is the first known malware that can infect installed iOS applications similar to a traditional virus
  • It is the first in-the-wild malware to install third-party applications on non-jailbroken iOS devices through enterprise provisioning

‘WireLurker’ is dubbed as a “new brand of threat to all iOS devices” as it can steal a variety of information and periodically send updates to the malware server, while being capable of stealing contacts and reading iMessages.

Palo Alto Networks recommends users ensure Security and Privacy settings in OS X are set to only run approved Mac App Store apps and to not run apps from a third party store. It told the NYT it has told Apple about its findings but has not heard back.

To protect your iOS device, the security firm says to not install unknown enterprise provisioning profiles, pair your device with untrusted computers or charge it via unknown sources. It also says to avoid jailbreaking, but if you do only download from “credible Cydia community sources”.

Update: Apple has released the following statement (via The Loop) on ‘WireLurker’ and has blocked the apps:

“We are aware of malicious software available from a download site aimed at users in China, and we’ve blocked the identified apps to prevent them from launching. As always, we recommend that users download and install software from trusted sources.”


  • Chrome262

    One of the main reasons Android has such crappy security issues, is third party app stores, as well as a bad app approval procedures in google play (lots of control given to apps, but that has changed thankfully..a bit). Even when you jailbreak you take risks if you go outside cydia. It doesn’t surprise me in the least that China would be the place where this starts, where there are lots of third party app stores offering free alternatives to pay apps. Microsoft years ago stated it was losing millions in Asian software pirating, and the industry as a whole was loosing billions. MS claimed China was the biggest offender. Over the years its fostered an environment that not only supports pirating, but also is a great place to test malware and other viruses. I get why people want something for free, and software can be over priced, but I feel when you have thousands of people not caring if they are careful, things like this spread like a zombie plague.

  • Anon

    Software piracy is only a small part. China is the knock off capital of the world, copy pretty much everything under the sun, and they are the masters of that.