Chinese Authorities Shut Down WireLurker Distribution Site, Arrest Suspects Involved

by

lightning_usb_cable_0_5_mLast Friday, Chinese authorities arrested three individuals that are suspected of developing the "WireLurker" malware, which infected thousands of mobile devices in China after Mac users installed malicious software from a third-party App Store.

According to a police post on Chinese social network Sina Weibo, the three men were arrested in Beijing on suspicion of "manufacturing and distributing" WireLurker after police received a tip from Chinese security company Qihoo 360 technology. In addition to arresting the suspects involved in the creation of the malicious software, Chinese authorities also shut down the site that was spreading it.

First publicized by researchers in early November, WireLurker is a trojan that infected thousands of Chinese iOS and Mac users after they installed software from the Maiyadi App Store, a third-party app platform that delivered more than 400 infected OS X applications.

WireLurker was able to attack iOS devices through Macs using USB, and was described as heralding "a new era in malware attacking Apple's desktop and mobile platforms." After being installed on a Mac, WireLurker would infect an iOS device using enterprise provisioning, making it the first malware capable of installing third-party applications on non-jailbroken iOS devices.

At the time information was published on WireLurker, infected apps had already been downloaded more than 356,104 times. Apple quickly took steps to block the infected apps, preventing them from launching, and in a statement, it reminded users not to install software from untrusted sources.

Just a week after WireLurker surfaced, another vulnerability in iOS was publicized by researchers. Called Masque Attack, it also infects iOS devices using enterprise provision profiles and is somewhat more dangerous, as it can replace existing apps with nearly undetectable fake versions.

Though it hasn't been found in the wild, Masque Attack prompted a warning from the U.S. government and a statement from Apple, with the company once again encouraging customers to download apps only from trusted sources.

Neither Masque Attack nor WireLurker are likely to affect the average iOS user as long as Apple's security features are not bypassed, as both vulnerabilities circumvent the App Store and Mac App Store to install apps.

Popular Stories

AirPods Pro Firmware Feature

Apple Releases New Firmware for AirPods Pro 2, AirPods Pro 3, and AirPods 4

Thursday November 13, 2025 11:35 am PST by
Apple today released new firmware designed for the AirPods Pro 3, the AirPods 4, and the prior-generation AirPods Pro 2. The AirPods Pro 3 firmware is 8B25, while the AirPods Pro 2 and AirPods 4 firmware is 8B21, all up from the prior 8A358 firmware released in October. There's no word on what's include in the updated firmware, but the AirPods Pro 2, AirPods 4 with ANC, and AirPods Pro 3...
Read Full Article68 comments
Tim Cook WWDC 2018

Report: Tim Cook to Step Down as Apple CEO 'as Soon as Next Year'

Saturday November 15, 2025 2:40 pm PST by
Apple is preparing for Tim Cook to step down as CEO of the company "as soon as next year," according to the Financial Times. The company's board of directors and senior executives "recently intensified preparations for Cook to hand over the reins," the report said. While the report said that Apple is unlikely to name a new CEO before its next earnings report in late January, it went on to ...
Read Full Article451 comments
iPhone Pocket Short

iPhone Pocket Now Available to Order, But Already Selling Out

Friday November 14, 2025 6:20 am PST by
Apple recently teamed up with Japanese fashion brand ISSEY MIYAKE to create the iPhone Pocket, a limited-edition knitted accessory designed to carry an iPhone. iPhone Pocket is available to order on Apple's online store starting today, in the United States, France, China, Italy, Japan, Singapore, South Korea, and the United Kingdom. However, it is already completely sold out in the United...
Read Full Article196 comments
apple silicon mac lineup 2024 feature purple m5

Apple's 2026 Mac Plans

Friday November 14, 2025 3:23 pm PST by
Most of Apple's Macs are slated to get M5 chips across 2026, and there's a possibility we'll even see the first M6 chips toward the end of the year. Updates are planned for everything from the MacBook Air to the Mac Studio. MacBook Air (Early 2026) The MacBook Air will be one of the first Macs to get a 2026 refresh, with an update planned for the first few months of the year. The MacBook...
Read Full Article151 comments
best early black friday deals

Best Black Friday Apple Deals Live Now - Save on AirPods, iPads, and Apple Watches

Saturday November 15, 2025 1:45 pm PST by
We're officially in the month of Black Friday, which will take place on Friday, November 28 in 2025. As always, this will be the best time of the year to shop for great deals, including popular Apple products like AirPods, iPad, Apple Watch, and more. In this article, the majority of the discounts will be found on Amazon. Note: MacRumors is an affiliate partner with some of these vendors. When ...
Read Full Article2 comments
tvOS 26 Profiles

tvOS 26.2 Adds a Useful New Feature to Your Apple TV

Friday November 14, 2025 10:02 am PST by
Starting with the upcoming tvOS 26.2 update, currently in beta, additional profiles created on the Apple TV no longer require their own Apple Account. In the Settings app on the Apple TV, under Profiles and Accounts, anyone can create a new profile by simply entering a name and indicating whether the profile is for a kid. The profile will be associated with the primary user's Apple Account,...
Read Full Article
walmart new ornametns

Walmart Black Friday Deals Begin Today With Low Prices on Headphones, TVs, and More

Friday November 14, 2025 7:55 am PST by
Walmart's Black Friday sale has officially kicked off today, with an online shopping event that's also seeing some matching deals in retail locations. There are quite a few major discounts in this sale, including savings on headphones, TVs, and more. Note: MacRumors is an affiliate partner with Walmart. When you click a link and make a purchase, we may receive a small payment, which helps us...
Read Full Article13 comments
CarPlay Pinned Messages

iOS 26.2 Adds New CarPlay Setting

Thursday November 13, 2025 6:48 am PST by
iOS 26 extended pinned conversations in the Messages app to CarPlay, for quick access to your most frequent chats. However, some drivers may prefer the classic view with a list of individual conversations only, and Apple now lets users choose. Apple released the second beta of iOS 26.2 this week, and it introduces a new CarPlay setting for turning off pinned conversations in the Messages...
Read Full Article24 comments
homepod mini thumb feature

New HomePod Mini, Apple TV, and AirTag Were Expected This Year — Where Are They?

Wednesday November 12, 2025 11:42 am PST by
While it was rumored that Apple planned to release new versions of the HomePod mini, Apple TV, and AirTag this year, it is no longer clear if that will still happen. Back in January, Bloomberg's Mark Gurman said Apple planned to release new HomePod mini and Apple TV models "toward the end of the year," while he at one point expected a new AirTag to launch "around the middle of 2025." Yet,...
Read Full Article125 comments

Top Rated Comments

mgipe Avatar
mgipe
144 months ago
Probably gave them an offer they couldn't refuse: go on the government payroll or go to jail.
Score: 13 Votes (Like | Disagree)
Michaelgtrusa Avatar
Michaelgtrusa
144 months ago
I will need to see more evidence before i'm convinced that this so called arrest isn't just propaganda.
Score: 11 Votes (Like | Disagree)
GeneralChang Avatar
GeneralChang
144 months ago
My favorite part of these attacks are the part when I realize that because I download stuff only from the App Store and my company's website, I'm good. Love that security.
Score: 8 Votes (Like | Disagree)
macs4nw Avatar
macs4nw
144 months ago
"Neither Masque Attack nor WireLurker are likely to affect the average iOS user as long as Apple's security features are not bypassed, as both apps circumvent the App Store and Mac App Store to install apps."

And that's the key portion of the article, my friends. Live 'dangerously' at your own peril.
Score: 8 Votes (Like | Disagree)
Tzerlag Avatar
Tzerlag
144 months ago
PLA unit 61398 didn't like the competition.
Score: 7 Votes (Like | Disagree)
nepalisherpa Avatar
nepalisherpa
144 months ago
There will be lurkers waiting for them in the prison. Good job!
Score: 6 Votes (Like | Disagree)
Read All Comments