The recent XCodeGhost attack suffered by Apple demonstrated that nobody is completely secure from malware-based attacks. Now security researchers at PaloAlto Networks have discovered a new malware dubbed YiSpecter that they sustain is able to compromise both jailbroken as well as non-jailbroken iOS devices.
YiSpecter has been abusing private APIs and enterprise certificates to infect any iOs device.
“Whether an iPhone is jailbroken or not, the malware can be successfully downloaded and installed,” states the blog post published by PaloAlto Network. “Even if you manually delete, it will automatically re-appear.”
The new YiSpecter threat targets Apple’s iOS users in China and Taiwan, but at the time I’m writing there are no news on the number of infected devices.
According to researchers at PaloAlto Networks, YiSpecter malware has been targeting Apple’s iOS devices for over 10 months. YiSpecter was first spread by disguising as an app that lets users watch free adult content. The app has been proposed as a private version of the famous media player “QVOD,” which is a popular video streaming app developed by Kuaibo to share porn videos.
“YiSpecter began to spread in the wild in November 2014, if not earlier. The main iOS apps of this malware have user interface and functionality that enable the watching of free porn videos online, and were advertised as “private version” or “version 5.0” of a famous media player “QVOD”. QVOD was developed by Kuaibo(快播) and became popular in China by users who share porn videos.” states the report.
Once infected the iOS mobile device is it able to perform the following actions:
Dubbed YiSpecter, the malware infects iOS devices and once infected, YiSpecter can:
“YiSpecter consists of four different components that are signed with enterprise certificates. By abusing private APIs, these components download and install each other from a command and control (C2) server. Three of the malicious components use tricks to hide their icons from iOS’s SpringBoard, which prevents the user from finding and deleting them. The components also use the same name and logos of system apps to trick iOS power users.”
How to Remove YiSpecter from Your iOS Devices?