Wirelurker site in China taken down, suspects arrested

The Mac/iOS malware was able to install on non-jailbroken iOS devices, but was quickly neutered. Three suspects are in custody.
Written by Larry Seltzer, Contributor

Chinese authorities have shut down the web sites responsible for the Wirelurker malware and arrested suspects in the case, according to a statement by the Beijing Municipal Bureau of Public Security on Sina Weibo, a Chinese microblogging service.

Wirelurker appeared earlier this month, breaking new ground as malware that could attack non-jailbroken iOS devices. The scenario is complicated and is unlikely to work well in the United States: it relied on iOS malware distributed through third-party app stores, which are not commonly used here.

According to Palo Alto Networks, which publicly revealed the threat, the attack begins with malware running on a Mac OS X system (a less successful Windows version of the malware was also found). The Mac malware downloaded the malicious apps from the third-party stores and, when it detected an iOS device connected through the USB port, installed those apps on the device.

The malware was able to install on non-jailbroken iOS devices because the attackers used enterprise certificates to sign the apps. Apple has since revoked these certificates. Palo Alto estimated that hundreds of thousands of users installed the malicious apps.
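One defender-side check that follows from the enterprise-certificate point above, as an added example that is not part of this article or of Palo Alto Networks' analysis: an iOS provisioning profile (.mobileprovision) carries a cleartext plist inside its CMS signature, and an in-house (enterprise) profile is marked by the `ProvisionsAllDevices` key, which is what lets a signed app install on any non-jailbroken device. The sample bytes, profile name and team name below are constructed placeholders.

```python
import plistlib
from datetime import datetime, timezone

def extract_plist(blob: bytes) -> dict:
    """Slice the cleartext XML plist out of a .mobileprovision file.
    The file is a CMS (PKCS#7) signature over the plist, and the plist
    sits uncompressed inside it, so it can be read without parsing the CMS."""
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>")
    if start < 0 or end < 0:
        raise ValueError("no embedded property list found")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def classify_profile(profile: dict, now=None) -> dict:
    """Report how widely a provisioning profile lets its apps run."""
    now = now or datetime.now(timezone.utc)
    if profile.get("ProvisionsAllDevices"):
        kind = "enterprise"               # in-house: installs on any device
    elif profile.get("ProvisionedDevices"):
        kind = "ad-hoc-or-development"    # restricted to the listed UDIDs
    else:
        kind = "app-store"                # must go through App Store review
    exp = profile.get("ExpirationDate")
    if exp is not None and exp.tzinfo is None:
        exp = exp.replace(tzinfo=timezone.utc)   # plistlib dates are naive UTC
    expired = bool(exp and exp < now)
    return {
        "name": profile.get("Name"),
        "team": profile.get("TeamName"),
        "kind": kind,
        "expired": expired,
        # An unexpired enterprise profile is the condition Wirelurker abused.
        "sideload_risk": kind == "enterprise" and not expired,
    }

# Constructed sample: a few junk DER-looking bytes stand in for the CMS
# envelope, followed by an in-house (enterprise) profile plist.
ENTERPRISE_SAMPLE = b"\x30\x82\x0b\x00\x06\x09\x2a\x86" + b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
<key>Name</key><string>Constructed In-House Profile</string>
<key>TeamName</key><string>Example Corp (constructed)</string>
<key>ProvisionsAllDevices</key><true/>
<key>ExpirationDate</key><date>2015-11-01T00:00:00Z</date>
</dict></plist>""" + b"\x00\x00"

if __name__ == "__main__":
    print(classify_profile(extract_plist(ENTERPRISE_SAMPLE)))
```

On a real Mac the same check can be run over `~/Library/MobileDevice/Provisioning Profiles/*.mobileprovision` to inventory which enterprise profiles are present and still valid.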

The Chinese authorities say that three suspects (Chen, Lee and Wang) have been arrested for making and distributing the malware, and that the site has been shut down.

Hat tip to SecurityWeek.
