WireLurker is a family of macOS malware that targets iOS devices connected over USB. [1]

ID: S0312
Version: 1.0
Created: 25 October 2017
Last Modified: 24 October 2022

Techniques Used

Domain ID Name Use
Mobile T1406 Obfuscated Files or Information

WireLurker obfuscates its payload through complex code structure, multiple component versions, file hiding, code obfuscation and customized encryption to thwart anti-reversing.[1]

Mobile T1458 Replication Through Removable Media

WireLurker monitors for iOS devices connected via USB to an infected OSX computer and installs downloaded third-party applications or automatically generated malicious applications onto the device.[1]