Script for detecting the WireLurker malware family

WireLurker Detector


This project provides script and/or tool to detect the WireLurker malware family found by Palo Alto Networks in Nov 2014.

For details of the WireLurker:

Usage for OS X users

  1. Open the Terminal application in your OS X system;

  2. Execute this command to download the script:

    curl -O https://raw.githubusercontent.com/PaloAltoNetworks/WireLurkerDetector/master/WireLurkerDetectorOSX.py
  3. Run the script in the Terminal:

    python WireLurkerDetectorOSX.py
  4. Read the output messages and detection result.

For Windows users

We described how to technically detect the Windows variant of WireLurker in this document: HOWTO-Windows.md . Please take a look at it if you would like to contribute on it.

Here are some Windows detection tools developed by others. Remember to thanks them!


For any issue on the code and its result, please create a issue here: https://github.com/PaloAltoNetworks/WireLurkerDetector/issues

Developer Sites


Copyright © 2024 Palo Alto Networks, Inc. All rights reserved.