WireLurker is a family of macOS malware that targets iOS devices connected over USB. [1]

ID: S0312
Platforms: iOS
Version: 1.1
Created: 25 October 2017
Last Modified: 11 December 2018

Techniques Used

Domain ID Name Use
Mobile T1458 Exploit via Charging Station or PC

WireLurker monitors for iOS devices connected via USB to an infected OSX computer and installs downloaded third-party applications or automatically generated malicious applications onto the device.[1]

Mobile T1406 Obfuscated Files or Information

WireLurker obfuscates its payload through complex code structure, multiple component versions, file hiding, code obfuscation and customized encryption to thwart anti-reversing.[1]