YiSpecter iOS Malware can infect any Apple iOS device

Dubbed YiSpecter, the malware infects iOS devices and once infected, YiSpecter can:

• Install unwanted apps
• Replace legitimate apps with ones it has downloaded
• Force apps to display unwanted, full-screen ads
• Change bookmarks as well as default search engines in Safari
• Send user information back to its server
• Automatically reappears even after a user manually deletes it from the iOS device

“YiSpecter consists of four different components that are signed with enterprise certificates. By abusing private APIs, these components download and install each other from a command and control (C2) server. Three of the malicious components use tricks to hide their icons from iOS’s SpringBoard, which prevents the user from finding and deleting them. The components also use the same name and logos of system apps to trick iOS power users.”

1. In iOS, go to Settings -> General -> Profiles to remove all unknown or untrusted profiles;
2. If there’s any installed apps named “情涩播放器”, “快播私密版” or “快播0”, delete them;
3. Use any third-party iOS management tool (e.g., iFunBox, though note that Apple’s iTunes doesn’t work in this step) on Windows or Mac OS X, to connect with your iPhone or iPad;
4. In the management tool, check all installed iOS apps; if there’re some apps have name like Phone, Weather, Game Center, Passbook, Notes, or Cydia, delete them. (Note that this step won’t affect original system apps but just delete faked malware.)