Three people suspected of involvement in the WireLurker malware campaign have been arrested in China, according to reports.
The suspects – whom the Beijing Public Security "internet" unit named only as Chen, Lee and Wang – were apparently arrested in the Beijing area following an investigation assisted by local security firm Qihoo 360.
A brief statement from the Beijing Municipal Public Security Bureau on the arrests is here (in Mandarin).
WireLurker is a hybrid malware strain that targets either Mac OS X or Windows users with a malicious binary that poses as an app. It then hops from an infected host onto an iOS device via a USB connection.
It is able to propagate to the iOS device (even if it is not jailbroken) by leveraging enterprise provisioning profiles to bypass other iOS security checks. It can also infect jailbroken iThings.
The malware, first discovered by security researchers at Palo Alto Networks, harvests data from infected iPads or iPhones before uploading it to a command & control server on the Miyadi iOS App store. Data snaffled included phone book addresses, numbers, Apple ID, UDIDs and data from the device storage.
The command node was quickly pulled. Although Trojanised apps that spread WireLurker were downloaded hundreds of thousands of times, the actual number of infections recorded by security firms such as Kaspersky Lab was relatively small.
WireLurker shattered the conventional wisdom that non-jailbroken iThings are incapable of being infected by malware. ®