New Malware named “YiSpecter” attacks iOS devices in China And Taiwan

Written by Staff Writer

05 Oct, 2015 | 3:52 pm

Palo Alto Networks, a cybersecurity firm, has identified new malware named “YiSpecter” that infects iOS devices by abusing private APIs.

It is reported that most users in China and Taiwan have been affected by this malware. The malware infects the phone and installs unwanted apps, replacing legitimate apps. It also forces apps to display full-screen advertisements, changes bookmarks and default search engines in Safari, and automatically reappears even after users manually delete it from their iOS devices.

Palo Alto Networks says YiSpecter is unusual for iOS malware—at least ones that have been identified so far—because it attacks jailbroken and non-jailbroken iOS devices by misusing private APIs to allow its four components (which are signed with enterprise certificates to appear legitimate) to download and install each other from a centralized server.

In the post, Palo Alto Networks’ security researcher Claud Xiao wrote that by abusing enterprise certificates and private APIs, YiSpecter is not only able to infect more devices, but “pushes the line barrier of iOS security back another step.”

Three of the components can hide their icons from iOS SpringBoard (the standard app that runs the home screen) and even disguise themselves with the names and logos of other apps to escape detection from users. Palo Alto Networks says the malware has been infecting iOS devices for over 10 months, but only one out of 57 security vendors in VirusTotal, a free scanning service, is currently detecting it.

YiSpecter first spread by masquerading as an app that allows users to view free porn. It then infected more phones through hijacked traffic from Internet service providers, a Windows worm that first attacked QQ (an IM service by Tencent), and online communities where users install third-party apps in exchange for promotion fees from developers.

Last month, another piece of malware called XcodeGhost infected almost 40 popular apps in the Chinese App Store, which is very unusual because Apple first subjects apps to strict reviews. Despite the unique nature of both pieces of malware, however, Palo Alto Networks says there is no evidence that XcodeGhost and YiSpecter are related.
