New YiSpecter Malware Goes After Non-Jailbroken iOS Devices, Can’t Be Deleted
Apple has seen itself in a lot of trouble lately when it comes to security of its mobile operating system for iPhone, iPad and iPod touch. Lately, malware managed to sneak into the App Store, XcodeGhost, and it originated from developers who were using non-legit version of Xcode, downloaded from sources other than Apple itself. The XcodeGhost malware, was then brought under control thanks to Apple’s action by removing affected apps. But now, it seems as though the troubles are far from over, as a new malware has been discovered, and just like XcodeGhost, it has the ability to target iOS devices whether they are jailbroken or not.
Apple Now Has A New Malware To Worry About
The newly discovered malware, called YiSpecter, is the first malware in its class that utilizes private APIs in iOS to spread its havoc. This is something that has never ever been witnessed on a malware before, and YiSpecter aims to change all of that we’ve known so far. But where there’s bad news, there’s good news as well. For instance, the malware is currently targeting those that live in Taiwan and China, and the malware has not managed to leave the boundaries of those two regions.
The malware spreads itself to other locations by hijacking traffic from different ISPs and utilizing an SNS worm in Windows. There on in, it can move itself to new locations.
According to Palo Alto Networks, who made the discovery of the new nastiness:
Whether an iPhone is jailbroken or not, the malware can be successfully downloaded and installed
Even if you manually delete the malware, it will automatically re-appear
Using third-party tools you can find some strange additional “system apps” on infected phonesAdvertisement
On infected phones, in some cases when the user opens a normal app, a full screen advertisement will show
Palo Alto Networks also adds that:
YiSpecter consists of four different components that are signed with enterprise certificates. By abusing private APIs, these components download and install each other from a command and control (C2) server. Three of the malicious components use tricks to hide their icons from iOS’s SpringBoard, which prevents the user from finding and deleting them. The components also use the same name and logos of system apps to trick iOS power users.
We really wish Apple acts swiftly this time as well to patch YiSpecter. Till then, we highly recommend users not to click on suspicious links that aim to install third-party ‘software’ onto your device. A bad move on the Interwebs can spread a lot of trouble and havoc, something which will cost you all your data and your private credentials.
Let’s just cross our fingers and pray that this new menace is all over way too soon.