YiSpecter iOS malware infects devices that aren’t jailbroken

Cyber security researchers have identified malware that targets users of Apple’s iOS mobile operating system in China and Taiwan, subjecting them to nuisances like unwanted, full-screen advertisements.

Hackers are not only targeting Android users all over the world; Chinese iPhone users are not safe from harm either.

According to Palo Alto Networks (via TechCrunch), YiSpecter represents a new level of attack on iOS because of the way that it uses private APIs to enable its four components to download and install one another.

The new malware, which is making the rounds in China and Taiwan, offers ways to circumvent the government’s Internet censorship. Users cannot delete or remove the malware, even when they know that it is still there. It explained that the users are still at risk from malicious software.

Xiao said that Unit 42 has since detected more than 100 apps containing code not approved by Apple that had bypassed its strict review process. These newly installed apps are then hidden on the home screen, and iOS users will be unable to uninstall the malware until a solution has been found.

An enterprise selling point for Apple, particularly versus its main mobile competitor Android, is the reputation that iOS devices and apps have for rock-solid security. Despite the unique nature of both pieces of malware, however, Palo Alto Networks says there is no evidence that XcodeGhost and YiSpecter are related. Back in September of 2009, 39 malware-infected applications had to be removed from the Apple App Store, despite the company’s thorough security procedures.

Apple has been notified of Unit 42’s findings.

Carolyn Wu, a Beijing-based spokeswoman for Apple, wasn’t immediately able to comment on the report Monday, which is a public holiday in China. As a result, it also remains unclear which types of data would be vulnerable to this malware, or what the objective of these infections could be in the long run. Modifying the malware’s code to target French- or Spanish-speaking users, for example, is not unthinkable.

The malware appears to have been active for 10 months, initially made available via a porn app. Once it infects an iPhone, it will download, install and launch arbitrary iOS apps, replace existing apps with those it downloads, hijack other apps’ execution to display advertisements, change Safari’s default search engine, bookmarks and opened pages, and upload device information to an attacker’s server.