The website used to spread the recently discovered “WireLurker” Mac and iOS malware has been taken down by Chinese authorities. In addition, three individuals suspected of being involved in and reaping illegal profits from the distribution of the malicious software have been brought to justice.
These developments were announced on Friday in a statement by the Beijing Municipal Bureau of Public Security on the Chinese microblogging site Sina Weibo. As noted by SecurityWeek, “The suspects, identified by their surnames as Wang, Lee and Chen, were taken into custody on Thursday based on information provided to law enforcement authorities by the China-based security company Qihoo 360 Technology.”
As exposed by researchers at the Silicon Valley security company Palo Alto Networks, WireLurker is aimed primarily at Apple mobile and desktop users in China, where users are likely to download infected apps from the Chinese third-party Mac app store Maiyadi.
It works by “lurking” on the USB connection of an infected Mac computer and installing malicious, information-stealing apps onto any connected iOS device. A device doesn’t even have to be jailbroken to be infected by the malware.
Shortly after WireLurker was publicized, Apple acknowledged the issue, blocked the infected apps, and encouraged users to download software from trusted sources only.
Apple offered the same suggestion following the discovery of “Masque Attack” by researchers at the mobile security company FireEye. Masque Attack uses enterprise provisioning to install malicious apps that masquerade as genuine apps on iOS devices, whether jailbroken or not.