Suspected WireLurker creators and distributors arrested in China

Three individuals been arrested by the Beijing Municipal Public Security Bureau in connection to the WireLurker OS X and iOS malware being served to users of Maiyadi, a popular Chinese third-party online app store.

Not many details about the arrest are available. The Bureau has simply posted a short notification on its Sina Weibo (microblogging) account, identifying the suspects as “Chen, Lee and Wang,” saying that they are suspected of manufacturing and distributing the malicious program “for illegal profit,” noting that they online store has been shut down, and that they have been helped in the investigation by researchers from Chinese AV company Qihoo 360.

Maiyadi is (was) a popular site that provided Apple-related news, but its popularity is mainly due to the fact that its app store offered pirated apps for both Macs and iOS devices for download.

The unprecedented WireLurker malware was first analyzed by Palo Alto Networks researchers, who discovered that the malware was initially aimed at OS X-running machines and PCs running Windows, but that its ultimate goal was to infect iOS devices via USB, and to exfiltrate a variety of data from them (even if they have not been jailbroken).

They said at the time that they have reason to “suspect that Maiyadi has a close relationship with the creator of WireLurker.” It was noted later that the Trojanized apps were marked with the QQ account number that corresponds to the owner of the Maiyadi website.

After the discovery of the malware, Apple has reacted by revoking the cryptographic certificate used to sign WireLurker, and blocking all the apps signed with it.