Chinese Authorities Arrest Individuals Behind WireLurker, Shut Down Site

Chinese authorities arrested three individuals on Friday who are suspected of being behind the “WireLurker” malware, which infected thousands of iOS devices via malicious Mac software that users downloaded from a third-party app store.

According to a police post on Chinese social network Sina Weibo, the three men were arrested in Beijing on suspicion of “manufacturing and distributing” WireLurker after police received a tip from Chinese security company Qihoo 360 Technology. In addition to arresting the suspects involved in the creation of the malicious software, Chinese authorities also shut down the site that was spreading it.

WireLurker is a trojan that infected thousands of Chinese iOS and Mac devices after users installed software from the Maiyadi App Store. The third-party app store delivered more than 400 infected Mac apps.

WireLurker attacks iOS devices via an infected Mac’s USB connection. It could infect an iOS device via enterprise provisioning, which allowed it to install malware on non-jailbroken devices.

Once WireLurker was revealed, Apple quickly took steps to block the infected apps, preventing them from launching, and published a statement reminding users not to install software from untrusted sources.

One week after WireLurker surfaced, another flavor of malware, “Masque Attack,” was revealed by researchers. It also infects iOS devices using enterprise provisioning profiles; however, it replaces existing apps with fake versions.

Users can avoid infection from both strains of malware by installing only known-safe software packages, using only the iOS and Mac App Stores to install apps on their devices.