Chinese Authorities Shut Down WireLurker Distribution Site, Arrest Suspects Involved - MacRumors
Skip to Content

Chinese Authorities Shut Down WireLurker Distribution Site, Arrest Suspects Involved

by

lightning_usb_cable_0_5_mLast Friday, Chinese authorities arrested three individuals that are suspected of developing the "WireLurker" malware, which infected thousands of mobile devices in China after Mac users installed malicious software from a third-party App Store.

According to a police post on Chinese social network Sina Weibo, the three men were arrested in Beijing on suspicion of "manufacturing and distributing" WireLurker after police received a tip from Chinese security company Qihoo 360 technology. In addition to arresting the suspects involved in the creation of the malicious software, Chinese authorities also shut down the site that was spreading it.

First publicized by researchers in early November, WireLurker is a trojan that infected thousands of Chinese iOS and Mac users after they installed software from the Maiyadi App Store, a third-party app platform that delivered more than 400 infected OS X applications.

WireLurker was able to attack iOS devices through Macs using USB, and was described as heralding "a new era in malware attacking Apple's desktop and mobile platforms." After being installed on a Mac, WireLurker would infect an iOS device using enterprise provisioning, making it the first malware capable of installing third-party applications on non-jailbroken iOS devices.

At the time information was published on WireLurker, infected apps had already been downloaded more than 356,104 times. Apple quickly took steps to block the infected apps, preventing them from launching, and in a statement, it reminded users not to install software from untrusted sources.

Just a week after WireLurker surfaced, another vulnerability in iOS was publicized by researchers. Called Masque Attack, it also infects iOS devices using enterprise provision profiles and is somewhat more dangerous, as it can replace existing apps with nearly undetectable fake versions.

Though it hasn't been found in the wild, Masque Attack prompted a warning from the U.S. government and a statement from Apple, with the company once again encouraging customers to download apps only from trusted sources.

Neither Masque Attack nor WireLurker are likely to affect the average iOS user as long as Apple's security features are not bypassed, as both vulnerabilities circumvent the App Store and Mac App Store to install apps.

Popular Stories

Apple Wallet

iOS 27 Will Add Two New Apple Wallet Features to Your iPhone

Monday June 1, 2026 12:15 pm PDT by
Apple is set to unveil iOS 27 during its WWDC 2026 keynote on Monday, June 8, and the update will reportedly include two new Apple Wallet features. First, iOS 27 will reportedly let users create their own digital passes by scanning items like movie tickets, concert passes, and gym membership cards. Many apps already offer Apple Wallet passes, but now users will be able to create a custom...
Read Full Article
Dynamic Island iPhone 18 Pro Feature

iPhone 18 Pro Battery Capacities Allegedly Leaked

Tuesday June 2, 2026 1:54 am PDT by
Battery capacities for Apple's upcoming iPhone 18 Pro have allegedly surfaced, and the numbers suggest only a modest increase over the iPhone 17 Pro. According to prolific Weibo-based leaker Digital Chat Station, Apple is testing the iPhone 18 Pro with different battery capacities for the China and U.S. versions of the device, similar to last year's iPhone 17 Pro models. The Chinese model is ...
Read Full Article40 comments
macOS 27 on MacBook Pro

Apple Says macOS 27 Won't Be Compatible With These Macs

Wednesday June 3, 2026 8:29 am PDT by
During WWDC 2025, Apple revealed that macOS 26 Tahoe would be the final major macOS version for Intel-based Macs. macOS 27 will be compatible with Apple silicon Macs only, meaning that you will need a Mac with an M-series chip or a MacBook Neo with an A18 Pro chip in order to install the software update. Apple will unveil macOS 27 during its WWDC 2026 keynote this Monday, June 8, and the...
Read Full Article90 comments

Top Rated Comments

mgipe Avatar
mgipe
151 months ago
Probably gave them an offer they couldn't refuse: go on the government payroll or go to jail.
Score: 13 Votes (Like | Disagree)
M
Michaelgtrusa
151 months ago
I will need to see more evidence before i'm convinced that this so called arrest isn't just propaganda.
Score: 11 Votes (Like | Disagree)
G
GeneralChang
151 months ago
My favorite part of these attacks are the part when I realize that because I download stuff only from the App Store and my company's website, I'm good. Love that security.
Score: 8 Votes (Like | Disagree)
macs4nw Avatar
macs4nw
151 months ago
"Neither Masque Attack nor WireLurker are likely to affect the average iOS user as long as Apple's security features are not bypassed, as both apps circumvent the App Store and Mac App Store to install apps."

And that's the key portion of the article, my friends. Live 'dangerously' at your own peril.
Score: 8 Votes (Like | Disagree)
Tzerlag Avatar
Tzerlag
151 months ago
PLA unit 61398 didn't like the competition.
Score: 7 Votes (Like | Disagree)
nepalisherpa Avatar
nepalisherpa
151 months ago
There will be lurkers waiting for them in the prison. Good job!
Score: 6 Votes (Like | Disagree)
Read All Comments