New Malware Called YiSpecter Is Attacking iOS Devices in China And Taiwan



Cybersecurity firm Palo Alto Networks has identified new malware, which it calls YiSpecter, that infects iOS devices by abusing private APIs. Most affected users live in China and Taiwan.

Once it infects a phone, YiSpecter can install unwanted apps; replace legitimate apps with ones it has downloaded; force apps to display full-screen advertisements; change bookmarks and the default search engine in Safari; and send user information back to its server. It also automatically reappears even after users manually delete it from their iOS devices.

Palo Alto Networks says YiSpecter is unusual for iOS malware—at least ones that have been identified so far—because it attacks jailbroken and non-jailbroken iOS devices by misusing private APIs to allow its four components (which are signed with enterprise certificates to appear legitimate) to download and install each other from a centralized server.

In a blog post, Palo Alto Networks’ security researcher Claud Xiao wrote that by abusing enterprise certificates and private APIs, YiSpecter is not only able to infect more devices, but “pushes the line barrier of iOS security back another step.”

Three of the components can hide their icons from iOS SpringBoard (the standard app that runs the home screen) and even disguise themselves with the names and logos of other apps to avoid detection by users. Palo Alto Networks says the malware has been infecting iOS devices for over 10 months, but only one out of 57 security vendors in VirusTotal, a free scanning service, is currently detecting it.

YiSpecter first spread by masquerading as an app that allows users to view free porn. It then infected more phones through hijacked traffic from Internet service providers, a Windows worm that first attacked QQ (an IM service by Tencent), and online communities where users install third-party apps in exchange for promotion fees from developers.

Last month, another malware called XcodeGhost infected almost 40 popular apps in the Chinese App Store, which is very unusual because Apple subjects apps to strict review before they are published. Despite the unique nature of both malware, however, Palo Alto Networks says there is no evidence that XcodeGhost and YiSpecter are related.

TechCrunch has contacted Apple for comment.

Palo Alto Networks’ blog post has more information on YiSpecter, as well as detailed steps for removing it from devices.
