Skip to content

S0312 WireLurker

WireLurker is a family of macOS malware that targets iOS devices connected over USB. 2

Item Value
ID S0312
Version 1.0
Created 25 October 2017
Last Modified 24 October 2022
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
mobile T1406 Obfuscated Files or Information WireLurker obfuscates its payload through complex code structure, multiple component versions, file hiding, code obfuscation and customized encryption to thwart anti-reversing.2
mobile T1458 Replication Through Removable Media WireLurker monitors for iOS devices connected via USB to an infected OSX computer and installs downloaded third-party applications or automatically generated malicious applications onto the device.2