OSX_WIRELURK.A
OSX/WireLurker.A (ESET), Trojan-Downloader.OSX.WireLurker.a (Kaspersky)
Mac OS X (64-bit)
Downloaded from the Internet, Dropped by other malware
This is the Trend Micro detection for Trojanized apps that belong to the WireLurker malware family.
This Trojan may arrive bundled with malware packages as a malware component. It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
It connects to certain websites to send and receive information.
Varies
Other
Yes
07 Nov 2014
Steals information
Arrival Details
This Trojan may arrive bundled with malware packages as a malware component.
It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.
Installation
This Trojan drops the following component file(s):
Information Theft
This Trojan gathers the following data:
Other Details
This Trojan connects to the following website to send and receive information:
NOTES:
The component globalupdate (detected as OSX_WIRELURK.A) enables the malware to download an updated copy of itself from the server and save it as follows:
It connects to the following URL to retrieve a link of its updated copy:
It constantly checks for plugged-in iOS devices. Once one is found, it connects to http://{BLOCKED}onewiki.com/wiki/AFC.com.apple.afc2 (AFC2 service) to allow access to the device. It then copies the following file to the device:
9.700
11.262.04
07 Nov 2014
11.263.00
08 Nov 2014