WireLurker for Windows
Researchers at AlienVault have found an older version of WireLurker that uses Windows devices to spread. Jaime Blasco of AlienVault Labs, who discovered this variant of WireLurker, reported it to Palo Alto Networks Inc., which then published a new report on the Windows variant of the malware.
The earlier research paper stated that WireLurker used OS X applications to infect iOS devices and gave no details on a Windows version of the malware.
Windows Version Considered the Earliest Variant of WireLurker
The Windows variant of WireLurker was distributed through Baidu YunPan (a public cloud storage service of Baidu) by the user “ekangwen206”, Palo Alto Networks said in its report.
A total of 247 files were uploaded by this user, consisting of 180 Windows executable files and 67 OS X applications. They were uploaded on March 12th and 13th, almost a month before the Maiyadi App Store infections. Most of these files were spread as pirated versions of popular apps such as Facebook, WhatsApp, Instagram, Twitter, iBooks, iMovie, Calculator, Keynote, Flappy Bird and others, with WireLurker hidden inside. These files were downloaded a total of 65,213 times, of which about 97.7% of the downloads were for the Windows samples.
How WireLurker Spreads
After the victim downloads and executes the file on a Windows device, they are asked to download iTunes from an official Apple China site. If iTunes is already installed, the iTunes-style interface shows the message “waiting for iOS device connection”. When the victim connects an iOS device and installs the pirated version of the iOS app, the malware is installed as well, but only on jailbroken iOS devices.
The remainder of the behaviour is very similar to its Mac OS X descendant: it sends the stolen data to the same command and control server and uses the Maiyadi App Store to check for updates.
Palo Alto Networks has already published updates for antivirus vendors, ISPs and other security vendors so that they can update their products to detect WireLurker.
WireLurker can also be detected using the open-source code released on GitHub: https://github.com/PaloAltoNetworks-BD/WireLurkerDetector