
Among its defining characteristics, WireLurker represents:
- The first known malware family that can infect installed iOS applications in a manner similar to a traditional virus
- The first in-the-wild malware family that can install third-party applications on non-jailbroken iOS devices through enterprise provisioning
- Only the second known malware family that attacks iOS devices through OS X via USB
- The first malware family to automate generation of malicious iOS applications through binary file replacement

Palo Alto Networks has released signatures to detect all WireLurker Command & Control communication traffic.

“WireLurker is unlike anything we’ve ever seen in terms of Apple iOS and OS X malware. The techniques in use suggest that bad actors are getting more sophisticated when it comes to exploiting some of the world’s best-known desktop and mobile platforms. As such we have provided full protection to Palo Alto Networks customers and published a detailed report so others can assess the risk and take appropriate measures to protect themselves,” stated Ryan Olson, Intelligence Director, Unit 42, Palo Alto Networks.