The Beijing Bureau of Public security has announced the arrest of three suspects charged with distributing the WireLurker malware through a popular Chinese third-party online app store. The authorities also say the website that was responsible for spreading the malware has also been shut down.
"WireLurker" malware was originally discovered earlier this month by security firm Palo Alto Networks targeting Apple users in China. The malware appeared as the first malicious software program that has ability to penetrate the iPhone's strict software controls. The main concern to worry about this threat was its ability to attack non-jailbroken iOS devices.
Once a device infected with the malware, the virus could download the malicious and unapproved apps, which are designed to steal information, from the third-party app stores and, if it detects an iOS device connected through the USB slot, it would install the malicious apps on the device as well.
"This malware is under active development and its creator’s ultimate goal is not yet clear," the researchers wrote in a report [PDF]. "The ultimate goal of the WireLurker attacks is not completely clear. The functionality and infrastructure allows the attacker to collect significant amounts of information from a large number of Chinese iOS and Mac OS systems, but none of the information points to a specific motive. We believe WireLurker has not yet revealed its full functionality."
Unlike most iPhone bug, WireLurker malware has ability to install even on non-jailbroken iOS devices because the malware authors have used enterprise certificates to sign the apps. Apple has since revoked these cryptographic certificates used to sign WireLurker, and blocked all the apps signed with it. Palo Alto estimated that hundreds of thousands of users installed the malicious apps.
China appears to have taken the threat very seriously and within two weeks arrested three individuals who are believed to be the creators of the malicious software.
Although, there is not much details available about the arrest as the Bureau has simply posted a short notification on its Sina Weibo, a Chinese micro blogging service.
But according to the Chinese authorities, the three suspects are identified as "Chen," "Lee" and "Wang," who are suspected of manufacturing and distributing the malicious program "for illegal profit," and that the Chinese authorities have been helped in the investigation by researchers from Chinese AV company Qihoo 360.