Researchers Discover New 'WireLurker' Malware Affecting Macs and iOS Devices in China [Updated]

by

lightning_usb_cable_0_5_mResearchers from Palo Alto Networks (via The New York Times) have published a research paper on WireLurker, a malware new family that's been infecting both Mac OS and iOS systems over the course of the past six months. The researchers say that WireLurker, which is targeting users in China, "heralds a new era in malware attacking Apple's desktop and mobile platforms."

The WireLurker malware is the "biggest in scale" in the trojanized malware family, and it is able to attack iOS devices through OS X using USB. It's said to be able to infect iOS applications similar to a traditional virus, and it is the first malware capable of installing third-party applications on non-jailbroken iOS devices "through enterprise provisioning."

Thus far, WireLurker has been used in 467 OS X apps in the Maiyadi App Store, which is a third-party Mac app store in China. The apps have been downloaded 356,104 times, infecting hundreds of thousands of users.

According to the researchers, WireLurker looks for iOS devices connected via USB to an infected Mac, installing malicious third-party applications onto the device even without a jailbreak.

WireLurker monitors any iOS device connected via USB with an infected OS X computer and installs downloaded third-party applications or automatically generated malicious applications onto the device, regardless of whether it is jailbroken. This is the reason we call it "wire lurker". Researchers have demonstrated similar methods to attack non-jailbroken devices before; however, this malware combines a number of techniques to successfully realize a new brand of threat to all iOS devices.

WireLurker exhibits complex code structure, multiple component versions, file hiding, code obfuscation and customized encryption to thwart anti-reversing. In this whitepaper, we explain how WireLurker is delivered, the details of its malware progression, and specifics on its operation.

Once installed, WireLurker can collect information from iOS devices like contacts and iMessages, and it's able to request updates from attackers. It's said to be under "active development" with an unclear "ultimate goal."

Palo Alto Neworks offers several recommendations for avoiding apps infected with WireLurker, including an antivirus product and Mac App Store installation restrictions that prevent apps from unknown third parties from being installed. Users should not download and run Mac apps or games from third-parry app stores, download sites, or other untrusted sources and jailbreaking should be avoided.

Unknown enterprise provisioning profiles must be avoided as well, and users should avoid pairing their iOS devices with unknown computers or charging with chargers from untrusted or unknown sources.

Palo Alto Networks has notified Apple of the malware, but an Apple spokesperson declined to offer a comment.

Update: Apple has issued a statement to iMore about the issue:

"We are aware of malicious software available from a download site aimed at users in China," an Apple spokesperson told iMore, "and we've blocked the identified apps to prevent them from launching. As always, we recommend that users download and install software from trusted sources."

Popular Stories

apple intelligence black

Report: Apple's AI Strategy Could Finally Pay Off in 2026

Tuesday December 30, 2025 9:01 am PST by
Apple's restrained artificial intelligence strategy may pay off in 2026 amid the arrival of a revamped Siri and concerns around the AI market "bubble" bursting, The Information argues. The speculative report notes that Apple has taken a restrained approach with AI innovations compared with peers such as OpenAI, Google, and Meta, which are investing hundreds of billions of dollars in data...
Read Full Article178 comments
apple fitness 2026 1

Apple Teases 'Something Big' Coming Soon to Apple Fitness+

Tuesday December 30, 2025 2:11 pm PST by
The Apple Fitness+ Instagram account today teased that the service has "big plans" for 2026. In a video, several Apple Fitness+ trainers are shown holding up newspapers with headlines related to Apple Fitness+. What's Apple Fitness+ Planning for the New Year? Something Big is Coming to Apple Fitness+ The Countdown Begins. Apple Fitness+ 2026 is Almost Here 2026 Plans Still Under ...
Read Full Article115 comments
maxresdefault

Hands-On With a Rough iPhone Fold Mockup

Monday December 29, 2025 10:55 am PST by
Apple is rumored to be introducing a foldable iPhone in September 2026, and since it will bring the biggest form factor change since the iPhone was introduced in 2007, curiosity about the design is high. A 3D designer created an iPhone Fold design based on rumors, and we printed it out to see how it compares to Apple's current iPhones. Subscribe to the MacRumors YouTube channel for more ...
Read Full Article143 comments
maxresdefault

Where's the New Apple TV?

Monday December 22, 2025 11:30 am PST by
Apple hasn't updated the Apple TV 4K since 2022, and 2025 was supposed to be the year that we got a refresh. There were rumors suggesting Apple would release the new Apple TV before the end of 2025, but it looks like that's not going to happen now. Subscribe to the MacRumors YouTube channel for more videos. Bloomberg's Mark Gurman said several times across 2024 and 2025 that Apple would...
Read Full Article187 comments
iphone 17 pro dark blue 1

iPhone 17 Pro and Pro Max Users Report Static Speaker Noise While Charging

Tuesday December 30, 2025 10:39 am PST by
iPhone 17 Pro and Pro Max owners are having trouble with the speakers of their devices, and have complained about a static or hissing noise that occurs when the iPhone is charging. There are multiple discussions about the issue on Reddit, the MacRumors forums, and Apple's Support Community, where affected users say there is a noticeable static noise "like an old radio." Some people report...
Read Full Article140 comments
iPhone Top Left Hole Punch Face ID Feature Purple

iPhone 18 Pro Launching Next Year With These 12 New Features

Tuesday December 23, 2025 8:36 am PST by
While the iPhone 18 Pro and iPhone 18 Pro Max are not expected to launch for another nine months, there are already plenty of rumors about the devices. Below, we have recapped 12 features rumored for the iPhone 18 Pro models. The same overall design is expected, with 6.3-inch and 6.9-inch display sizes, and a "plateau" housing three rear cameras Under-screen Face ID Front camera in...
Read Full Article100 comments
iOS 26

iOS 26.2 Adds These 8 New Features to Your iPhone

Monday December 22, 2025 8:47 am PST by
Earlier this month, Apple released iOS 26.2, following more than a month of beta testing. It is a big update, with many new features and changes for iPhones. iOS 26.2 adds a Liquid Glass slider for the Lock Screen's clock, offline lyrics in Apple Music, and more. Below, we have highlighted a total of eight new features. Liquid Glass Slider on Lock Screen A new slider in the Lock...
Read Full Article
samsung glitter blue

Samsung's Year End Sale Introduces Major Discounts on Popular Monitors and TVs

Monday December 29, 2025 6:29 am PST by
Samsung kicked off a new end-of-the-year sale this week, introducing great deals on monitors, TVs, Galaxy smartphones, and home appliances. Many of these deals are the exact same all-time low prices we tracked during Black Friday and Cyber Monday. Note: MacRumors is an affiliate partner with Samsung. When you click a link and make a purchase, we may receive a small payment, which helps us keep ...
Read Full Article6 comments

Top Rated Comments

mattcha90 Avatar
mattcha90
146 months ago
This is what everyone who always complain about Apple's vice-grip on openness doesn't understand. If you stick with the Apple pre-approved things you're safe 99.99% of the time. It's only when you open yourself to third party apps that you run the risk of malware. It can't exist without you opening the door to it.
Score: 59 Votes (Like | Disagree)
needfx Avatar
needfx
146 months ago
applebola




-
Score: 27 Votes (Like | Disagree)
fins831 Avatar
fins831
146 months ago
this is why I love the closed environment Apple creates, if the consumer is smart, they will be unaffected 99percent of the time. Walled garden protect me from all the bad stuff please haha
Score: 21 Votes (Like | Disagree)
bbeagle Avatar
bbeagle
146 months ago
Trojan software exists on ALL systems. This is nothing new.

Anyone can write a program on Windows/Unix/OS X to do ANYTHING. That's really the point of personal computers. There is nothing Apple/Microsoft or anyone can do to stop this outside of using their approved app stores where they can take down a malicious app like this.

This article is just iHater bait to people who don't understand how software works. A virus or worm is a different thing. A trojan - can happen to any operating system at any time. A trojan is basically software that says it does one thing then actually does something else. That's what Apple's App Store helps avoid, apps like this. This proves, again, that the Apple closed app store protects users better.
Score: 17 Votes (Like | Disagree)
fallenjt Avatar
fallenjt
146 months ago
Thanks, Apple for your closed system and malware free environment. People in China want to get cheap apps or free app and this is their result of being cheap.

----------

This is why I have always been a big fan of the walled garden!:cool::apple:
Not one of my Apple products has suffered any virus attacks.:cool::apple:

mine too. My Mac Mini is on 24/7 since bought in Nov 2011...no attack, virus, malware ever.
Score: 11 Votes (Like | Disagree)
Michael Goff Avatar
Michael Goff
146 months ago
We gave jobs to them that just a few decades ago china had nothing to offer except fireworks! This is how they repay us in the many cruel ways that they have and the west refuses to wake up to what it's done to themselves! This could all be reversed.

And everyone who moved their business over there did it out of the kindness of their hearts, right?

:rolls eyes:
Score: 10 Votes (Like | Disagree)
Read All Comments