YiSpecter: First iOS Malware That Attacks Both Jailbroken and Non-Jailbroken Apple iOS Devices
YiSpecter is different from previously seen iOS malware in that it attacks both jailbroken and non-jailbroken iOS devices through unique and harmful malicious behaviors.
Palo Alto Networks researcher Claud Xiao describes how the malware, which mainly targets users in China and Taiwan, attacks iOS devices.
He wrote in the blog post:
Specifically, it’s the first malware we’ve seen in the wild that abuses private APIs in the iOS system to implement malicious functionalities.
|YiSpecter-infected iOS device|
YiSpecter is the first real world iOS malware that combines these two attack techniques and causes harm to a wider range of users. It pushes the line barrier of iOS security back another step.
- Whether an iPhone is jailbroken or not, the malware can be successfully downloaded and installed.
- Even if you manually delete the malware, it will automatically re-appear.
- Using third-party tools, you can find strange additional “system apps” on infected phones.
- On infected phones, in some cases when the user opens a normal app, a full screen advertisement will show.
Palo Alto Networks has released IPS and DNS signatures to block YiSpecter’s malicious traffic. The Palo Alto Networks blog post also contains suggestions for how users can manually remove YiSpecter and avoid similar attacks in the future. Apple has also been notified.
According to analysis reports by Qihoo 360 and Cheetah Mobile, YiSpecter was also spread by the Lingdun worm.
|A malicious webpage uploaded by Lingdun worm|
Lingdun uses fake VeriSign and Symantec certificates to bypass malware detection systems. Its primary goal is to download and install additional Windows software onto a PC. Most of this additional software is benign, but at least one installation was malicious.
Apple said in a statement:
“This issue only impacts users on older versions of iOS who have also downloaded malware from untrusted sources. We addressed this specific issue in iOS 8.4 and we have also blocked the identified apps that distribute this malware. We encourage customers to stay current with the latest version of iOS for the latest security updates. We also encourage them to only download from trusted sources like the App Store and pay attention to any warnings as they download apps.”
How to Remove YiSpecter from Your iOS Devices?
- Go to Settings –> General –> Profiles and remove all unknown or untrusted profiles.
- Delete any installed apps with names 情涩播放器, 快播私密版 or 快播0.
- Use any third-party iOS management tool, such as iFunBox on Windows or Mac OS X, to connect to your iPhone or iPad.
- Then look for additional installed apps named Phone, Weather, Game Center, Passbook, Notes, or Cydia and delete them. These are YiSpecter components disguised as system apps; the genuine built-in apps are not listed as removable third-party apps, so anything with one of these names that is not a real Apple system app should be treated as suspect.
Last month, we reported that the XcodeGhost malware had infected almost 40 popular apps in the Chinese App Store.