Published: November 17, 2014
Well that was fast.
Not quite ten days after we released our white paper on WireLurker, arrests have already been made in China. WireLurker is a new malware family that specifically targets iOS devices over USB, with variants for both Mac OS X and Microsoft Windows.
WireLurker works by watching for any iOS device connected via USB to an infected OS X or Windows computer. When it detects one, it installs downloaded third-party applications or automatically generated malicious applications onto the device, regardless of whether the device is jailbroken. This is the reason we call it "wire lurker".
On November 14, the Beijing Municipal Public Security Bureau announced it had arrested three people in connection with the WireLurker malware. The police received a tip from the Chinese technology company Qihoo 360 and subsequently arrested three individuals, respectively surnamed Chen, Li, and Wang. The third-party app store that had been serving WireLurker, Maiyadi, was also shut down.
The police have not released the suspects' full names, but several Chinese sources are reporting that two of them may be the founders of Maiyadi, Chen Peng and Wang Jian. The third is likely the "Li Fei" whose name appears in the Windows WireLurker code and whose Apple-issued certificate was used in the iOS version. As noted in an earlier WireLurker blog, these details support the technical analysis that indicated a likely tie between Maiyadi and the malware.
It is not known whether the developer previously tracked down and accused of being tied to WireLurker is among those arrested, or whether his claim of innocence is founded. Of note, the Chinese-language forum that originally publicized that developer's information was served with legal paperwork and deleted the respective content. Interestingly, when sending the paperwork the lawyer CC'd a Maiyadi email account belonging to Chen Peng, one of the individuals who may have been arrested. A screenshot of the removal request from the lawyer is below. The two highlighted characters in the CC'd line are Chen Peng.
Figure 1. Removal letter from a lawyer sent to the Chinese-language forum that initially published a possible WireLurker-related developer's personal information. The characters highlighted in blue on the CC'd line are Chen Peng, a Maiyadi founder possibly among those arrested last week for WireLurker.
We will continue to monitor for WireLurker-related activities and make updates here as appropriate.
