This repository has been archived by the owner on Aug 16, 2022. It is now read-only.

This is NOT CROSS PLATFORM #12

Open
jty1964 opened this issue Nov 6, 2014 · 7 comments

jty1964 commented Nov 6, 2014

Great idea for detecting the malware but there is a major problem. For users that don't have access to an OS X system, what are they to do?

Windows doesn't have Python installed on their system by default.
*nix (including Linux and BSD) users have no way to update their phones.

What is the plan going forward for these individuals?

@tylerwowen

They mentioned that this malware only affects Mac OS X and iOS.

amorcito commented Nov 6, 2014

When can we see a detector for an iOS device?

Contributor

secmobi commented Nov 6, 2014

@amorcito We don't plan to support iOS in this project.

amorcito commented Nov 7, 2014

Can you recommend anything I can do to detect it on my iOS product? I have jailbroken my phone, so I would like to see if that malware is present. I would assume it's not, but I just prefer to be sure. My MacBook is clean, thankfully.

Thanks for your support.

Contributor

secmobi commented Nov 7, 2014

Just quoted from the whitepaper:

A quick check for iOS devices includes determining whether any unauthorized enterprise provisioning profiles were created by navigating to “Settings -> General -> Profile”. If an anomalous profile is found, it should be removed and a subsequent check of all applications should be performed. Delete any strange applications found on the device. For jailbroken devices, we recommend that you check whether the file “/Library/MobileSubstrate/DynamicLibraries/sfbase.dylib” exists. If so, you should delete it through a terminal connection, via an application like MobileTerminal or Secure Shell (SSH).
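
The jailbroken-device check from the whitepaper quote above, as an added shell example (not code from this project or from the whitepaper). It assumes a POSIX shell reached over SSH or MobileTerminal; the function name, the exit codes and the optional quarantine directory are hypothetical choices, and moving the file aside is used here in place of deleting it outright so it can still be examined.

```shell
#!/bin/sh
# Added example: look for the WireLurker indicator file named in the whitepaper.
# Usage after sourcing this file:  check_wirelurker_ioc / [quarantine_dir]
# ROOT is "/" on the device itself, or the top of an extracted filesystem copy.
# Exit codes (assumed convention): 0 = not present, 1 = present, 2 = error.

IOC_REL="Library/MobileSubstrate/DynamicLibraries/sfbase.dylib"

check_wirelurker_ioc() {
    root="${1:-/}"
    quarantine="${2:-}"
    target="${root%/}/$IOC_REL"

    if [ ! -d "$root" ]; then
        echo "error: root directory '$root' not found" >&2
        return 2
    fi

    # -L also catches a dangling symlink planted at the indicator path.
    if [ ! -e "$target" ] && [ ! -L "$target" ]; then
        echo "clean: $target is not present"
        return 0
    fi

    echo "FOUND: $target"
    ls -l "$target"

    # Record a hash before touching the file, using whichever tool exists.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$target"
    elif command -v shasum >/dev/null 2>&1; then
        shasum -a 256 "$target"
    elif command -v openssl >/dev/null 2>&1; then
        openssl dgst -sha256 "$target"
    fi

    # Optional: move the file out of the MobileSubstrate load directory.
    if [ -n "$quarantine" ]; then
        mkdir -p "$quarantine" &&
            mv "$target" "$quarantine/sfbase.dylib.quarantined" || {
                echo "error: could not quarantine $target" >&2
                return 2
            }
        echo "moved to $quarantine/sfbase.dylib.quarantined"
    fi
    return 1
}
```
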

amorcito commented Nov 7, 2014

Thank you for taking the time to respond. I've just looked over my phone and I don't have a profile section, nor do I have that "sfbase.dylib" existing there. Thankfully! I will be even more careful moving forward. Thank you again!

secmobi added the wontfix label Nov 7, 2014

@skull-squadron

I updated my ghetto malware scanner script based on this analysis of WireLurker on JB'ed iOS.

(Makes one pine for Tripwire & a decent policy for iOS.)
