Security, Malware, Wirelurker removal

This page describes how to clean up the Wirelurker malware from an infected device.

Wirelurker is malware spread through infected third-party applications, typically downloaded from a variety of third-party stores. Wirelurker infects both Mac OS X and Windows and passes through USB to iOS devices.

To clean a Windows device, run an up-to-date malware scanner, such as Malwarebytes.

To clean a Mac OS X device, run the script documented at https://github.com/PaloAltoNetworks-BD/WireLurkerDetector, then delete any files it detects and restart the machine.

To clean your iOS device, follow these steps, excerpted from <http://www.macissues.com/2014/11/06/faq-on-how-to-detect-and-remove-wirelurker-from-os-x-and-ios/>:

How do I remove WireLurker from iOS?

If you have detected WireLurker on your Mac and have attached your iOS device to it with a USB cable, then you likely have compromised your iOS device. In this case, you should take no chances and wipe your iOS device:

1) Use iCloud to back up your device and all personal data on it

2) Go to Settings > General > Reset

3) Tap “Erase All Content and Settings” to clear all apps and data from the device

4) Restart your iOS device and set it up again

5) Sign into iCloud when you set up your iOS device and restore your backed up data

6) If needed, download your apps again from the App Store

You can also attach your iPhone or iPad to your Mac and use the “Restore iPhone/iPad” button in iTunes to factory-reset the device. The key to these steps is they clear out all programs on your iOS device which may have been compromised, and replace them with fresh copies. Your data and files should all be preserved, though you might lose some application settings.


If you received a message from Privacy and Information Security stating your mobile access to the campus network has been blocked, run the cleanup steps above, then email security@illinois.edu to restore your mobile access.



Keywords: Wirelurker infected virus malware iOS OS X Windows removal mobile wireless VPN block
Doc ID: 55414
Owner: Security S.
Group: University of Illinois Technology Services
Created: 2015-08-19 15:28 CST
Updated: 2016-12-19 16:10 CST
Sites:University of Illinois Technology Services