What is WireLurker and is my Mac at risk?

WireLurker: What is it?

Palo Alto Networks, the security company that first uncovered this dual macOS/iOS threat, published its findings in November 2014. It was concerning at the time, since malware written for Apple's desktop operating system was uncommon and malware targeting iOS rarer still, but the campaign, whose ultimate purpose was never fully established, focused on mainland China and the Chinese expatriate community.

Few, if any, OS X (as macOS was then called) and iOS devices were believed to be infected in the US or Europe. Once the malware was detected and traced to its source within China, the Chinese authorities acted quickly to contain it.

A Chinese IT security company, Qihoo 360 Technology, alerted the Beijing police's Internet security team, resulting in the arrest of three suspects, known as Chen, Li and Wang, in November 2014. At the time of the arrests, the police also shut down Maiyadi, the third-party app store believed to be distributing the malware, according to a statement the police posted on the Chinese social network Sina Weibo.

WireLurker was bundled into the installers of pirated Mac apps hosted on Maiyadi, which people were downloading to get popular titles such as The Sims, Angry Birds, Bejeweled and numerous others. The infected apps were downloaded more than 356,000 times. Once one of them ran on a Mac, the malware waited for an iOS device to be connected over USB and then installed its own apps onto the phone. This was the first malware seen in the wild that could infect non-jailbroken iPhones (it did so by installing apps signed with an enterprise provisioning profile rather than through the App Store), a more serious threat than previous attempts to plant malware on iPhones.

Alongside the police action, Apple warned users to download apps only from trusted, verified sources. To stop the spread, Apple blocked the identified apps from launching and revoked the enterprise signing certificate the iOS component depended on, and soon after shipped updates to its built-in malware definitions.


Is WireLurker still a threat?

Potentially, yes, if an infection from 2014 has gone undetected.

It is much more of a threat in China, especially for anyone who downloaded apps from third-party sites such as Maiyadi in 2014. As people upgrade, old problems can carry over from one device to the next if they were never identified, for example through migrated files or restored backups.

Once WireLurker reaches an iOS device over USB, it behaves differently depending on the device. On a jailbroken device it looks for popular Chinese shopping, payment and photo-editing apps (Taobao, Alipay and Meitu, roughly the local equivalents of eBay, PayPal and a photo editor) and replaces them with trojanized copies. On a non-jailbroken device it installs its own app using the enterprise signing certificate. On the Mac side it installs its own tooling for talking to connected iOS devices, plus a launch daemon that keeps it running and polling its command-and-control server for updates. That is why it still matters: any undetected malware that can pull down new code gives other attackers a ready-made foothold.

How to remove WireLurker?

As with any malware infection, WireLurker can be difficult to find and remove manually.

It is possible, but it takes time, and because this malware has both a macOS and an iOS component, you need to check both devices.

Start by removing the application that brought it in and every trace of it in your system files; otherwise it can simply reinstall itself from what it left behind. Check the Applications and Library folders (in particular /Library/LaunchDaemons, where it registers a daemon so it starts on every boot), and check iOS backup folders too. On the phone, pay close attention to the Chinese shopping, payment and photo-editing apps it is known to replace, and look in Settings for any enterprise profile you did not install yourself.

It is also worth checking your browser settings. In Safari, Chrome and Firefox, review Extensions and Add-ons and remove anything you don't recognize.
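The manual check above, as an added example that is not part of the original article or of any vendor tool: a small POSIX shell script that looks for WireLurker's known macOS persistence artefacts and lists every third-party launch daemon and agent with the program it starts. The indicator paths are the ones published in Palo Alto Networks' 2014 report and are assumed accurate but not exhaustive; the scan root is a parameter so the same functions can be pointed at a live system, a mounted disk image, or a test directory.

```shell
#!/bin/sh
# Added example (not from the original article or from any vendor tool):
# a first-pass check for WireLurker's macOS persistence artefacts.
# The indicator paths are the ones published in Palo Alto Networks' 2014
# report; treat the list as illustrative rather than exhaustive.
# $1 is the root to scan: "/" on a live Mac, or a mounted image / test tree.

WIRELURKER_IOCS="
/Library/LaunchDaemons/com.apple.machook_damon.plist
/Library/LaunchDaemons/com.apple.globalupdate.plist
/usr/bin/globalupdate
/usr/bin/WatchProc
/usr/bin/itunesupdate
/usr/local/machook
"

# Print each indicator present under the root. Returns 0 when the tree is
# clean and 1 when at least one indicator was found.
wirelurker_scan() {
    root="${1:-/}"
    root="${root%/}"
    found=0
    for ioc in $WIRELURKER_IOCS; do
        if [ -e "$root$ioc" ]; then
            printf 'FOUND: %s\n' "$root$ioc"
            found=1
        fi
    done
    return "$found"
}

# List every third-party launch daemon/agent with the program it runs, so
# unfamiliar entries can be reviewed by hand. Apple's own daemons live under
# /System; these two directories are where installers and malware persist.
# Takes the first <string> after the Program or ProgramArguments key.
list_persistence() {
    root="${1:-/}"
    root="${root%/}"
    for dir in /Library/LaunchDaemons /Library/LaunchAgents; do
        for plist in "$root$dir"/*.plist; do
            [ -e "$plist" ] || continue
            prog=$(awk '/<key>Program(Arguments)?<\/key>/ { want = 1; next }
                        want && /<string>/ { sub(/.*<string>/, ""); sub(/<\/string>.*/, ""); print; exit }' "$plist")
            printf '%s -> %s\n' "${plist#$root}" "${prog:-?}"
        done
    done
}

# Stand-alone use: `sudo sh wirelurker_check.sh --run` scans the live system
# (the file name is an assumption); pass a second argument to scan another root.
if [ "${1:-}" = "--run" ]; then
    list_persistence "${2:-/}"
    wirelurker_scan "${2:-/}" && echo "No WireLurker indicators found."
fi
```

A hit from wirelurker_scan is a strong signal, but a clean result only rules out the original 2014 file names; the persistence listing is the part worth reading every time, since any daemon whose program lives outside Apple's standard locations deserves a closer look.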

Be careful when doing this. It takes time, and accidentally removing something your Mac needs can cause operating-system problems. A safer way to remove WireLurker and other malware is to use a malware removal tool, such as CleanMyMac X.

CleanMyMac X is an invaluable tool for improving the overall performance of your Mac. Users find they get back 62GB of space, on average, ensuring that their devices run faster and smoother.

To remove malware this way, all you need to do is:

  1. Download CleanMyMac X (a free trial version is available).
  2. Open the app.
  3. Click Malware Removal.
  4. Click Scan to scan your Mac for threats.
  5. Click Remove to approve the deletion.

Keeping your Mac safe is a never-ending process. Keeping macOS and iOS up to date gives you the latest security fixes, and Apple's layers of built-in protection stop most known threats before they can infect your devices.

But that, as we've seen time and again, is never enough. Scanning for threats is an essential part of Mac safety, and avoiding third-party download sites that you aren't sure of or can't trust is also a sensible precaution.

Stay safe!
