Wirelurker – New Trojan That Infects iOS and OS X

Wirelurker is a new Trojan that runs on OS X systems to infect mobile devices, including the iPhone and iPad. This new type of malware originated in China and was discovered by Palo Alto Networks.

The malware is the first program that generates iOS applications using binary file replacement, and it is the first Trojan that takes the form of a traditional virus on OS X. It also allows third-party applications to be installed on iOS devices, as on other operating systems, and it is the second piece of malware in history to attack iOS devices via USB.

Wirelurker was used to infect 467 applications in the Maiyadi App Store, a Chinese application catalog. Over the past six months, these applications were downloaded 356,104 times, so the Trojan has been installed on several hundred thousand Mac computers or mobile devices.

The Trojan monitors all devices connected via USB to the infected OS X system. When an iOS device is connected to the system, either it is infected or a third-party application generates the malicious application. Which of the two happens depends on whether the device is jailbroken or not.

Wirelurker has a complex structure with code obfuscation, multiple components with support for versions, and the ability to hide files. It also uses a clever homemade encryption scheme to prevent reverse engineering. More details about the structure of this Trojan have been published in the Palo Alto Networks report.

We may have always trusted Apple systems as being free from malware, but this malware indicates that we should start using antivirus on OS X systems in the near future and make it a required application. Wirelurker is stealthy malware that collects a variety of information from your mobile device and sends it to cybercriminals on a remote server. The purpose of this malware is still not clear and needs deeper investigation.

Palo Alto Networks created a new Python script for detecting the WireLurker malware family, and it is available on GitHub.
