Chinese sites hosting 'WireLurker' Mac-to-iOS malware taken down, suspects arrested
A Beijing government agency on Monday announced the arrest of three suspects thought to be behind the so-called "WireLurker" trojan targeting Mac and iOS devices, saying websites hosting the malware have been shut down.
In a post to Chinese microblogging site Sina Weibo, the Beijing Municipal Public Security Bureau said it identified and subsequently closed down "WireLurker" operations last Friday. Three suspects were taken into custody on charges of conspiring to use the malware for illegal profit. The news was first spotted by ZDNet.
Detailed in a paper from security research firm Palo Alto Networks earlier this month, WireLurker is a specialized piece of malware that inserts itself onto a Mac running OS X, then jumps to iOS devices over USB. Unlike past attacks, WireLurker is capable of affecting non-jailbroken hardware. The program has reportedly been in the wild for the past six months in China.
Taking advantage of an app provisioning vulnerability, WireLurker lies dormant on a user's computer in an infected OS X app. The malware monitors for new iOS devices and installs malicious apps downloaded from an off-site server or generated autonomously on-device. From there, the program can access user information like contacts, read iMessages and perform other functions determined by the command-and-control server.
As noted by AppleInsider, WireLurker is only a threat to users who disable Apple's default security measures, as the enterprise provisioning certificates used in the attack were blocked by Apple shortly after discovery.
As Apple's global smartphone market share continues to rise, so does the number of attempts to surreptitiously harvest data from unsuspecting consumers. A week after WireLurker popped up on the radar, another piece of malware dubbed "Masque Attack" was discovered. Masque Attack also takes advantage of Apple's app provisioning system to install nefarious software on iOS devices, but is unique in that it replicates existing apps to trick users into handing over sensitive information.
Comments
China still has a long ways to go regarding human rights but it appears they are finally cracking down on some illegal behavior and that's a good sign. Time we give them a second chance to prove themselves.
Well they can't have their own people doing it for profit and to screw people over for the fun of it, that's for the Government to do. So go to jail or Work for US!!!
Yeah, I can't help but wonder if the government there plans to use this for their own purposes.
So is every other country, especially the US, but, yes, they are farther behind than many others.
I agree. It would be foolish to not assume that every country acts in its own self interest.
Tim's visit paid off.
Xi Jinping's wife uses an iPhone, she told him to take care of this.
Quoted the wrong post originally.
Likely a little theatrical performance put on for social and political effect. So they've plucked one grain of sand away from the mass beachfront of cyber security exploits being purposefully developed under centralized control and orchestration by our benevolent trading partner and source of affordable technology labor. I feel so much safer now, but they already knew that.
In all likelihood the sponsorship of the development of these exploits against major US firms can be traced back to government/state sources. Since this one is not particularly sophisticated and now that the cat's out of the bag, it can be defunded and sponsorship redeployed to other areas that may bear more fruit. It also gives the Chinese government a little showcase for showing the rest of the world how well they are policing their cyber security "problem" or "R&D campaign" - depending on whose point of view you take.
(Sorry, it was just laying there waiting for the punchline)
Tim's visit paid off.
Agreed
Tim, working for customer satisfaction and security. Can the CEO of Microsoft do this for when Surface gets viruses from other countries?
Perfect way to beat the "Surface vs MacBook Air" ads. Can YOUR CEO do that?