WireLurker Suspects Arrested in Beijing

Just a few weeks after its existence was revealed, Beijing police have arrested three people who are allegedly the authors of the WireLurker malware that targets Macs and iPhones.

Local authorities arrested the three suspects, with the last names of Chen, Li and Wang, after Chinese security company Qihoo 360 Technology called in a tip, according to the official Sina Weibo police blog. The police also said that the three had been using a well-known Chinese third-party application store and news hub for Apple products called Maiyadi as a vector for spreading the infection—resulting in the store’s shutdown as well.

WireLurker is a multi-pronged threat: it attacks and infects OS X-based Macs via compromised applications, and from there can infect any iPhone that’s connected via USB to the computer—regardless of jailbreak status. Earlier in the month, researchers at Palo Alto Networks discovered about 467 Mac desktop applications infected with the malware at Maiyadi; those applications had been downloaded more than 356,000 times in the past six months.

Over the weekend, Apple said that it had neutralized the threat from Maiyadi.

“We are aware of malicious software available from a download site aimed at users in China, and we’ve blocked the identified apps to prevent them from launching. As always, we recommend that users download and install software from trusted sources,” an Apple spokesperson told Business Insider.

Unlike most iPhone malware, WireLurker can compromise even non-jailbroken iOS smartphones and tablets—potentially putting 800 million devices at risk. So, while the infections may have been centered in China for now, the malware could easily spread to other markets.

“This malware is under active development and its creator’s ultimate goal is not yet clear,” the researchers wrote in a 30-page report. “The ultimate goal of the WireLurker attacks is not completely clear. The functionality and infrastructure allows the attacker to collect significant amounts of information from a large number of Chinese iOS and Mac OS systems, but none of the information points to a specific motive. We believe WireLurker has not yet revealed its full functionality.”
