CATEGORIES
home News

YiSpecter Malware Sneak Attacks Non-Jailbroken iPhones In China And Taiwan

by Rob WilliamsMonday, October 05, 2015, 10:15 AM EDT
The researchers at Palo Alto Networks are working overtime thanks to plenty of new mobile exploits creeping up seemingly every day. Recently, the firm has been responsible for a couple of big stories revolving around Apple's iOS. Back in August, it found that over 225,000 Apple accounts were stolen from jailbroken devices, and just a couple of weeks ago, it clued us in to the XcodeGhost malware, which Apple itself managed to let slip into its official store.

Now, we're given news of more malware, but fortunately for those outside of Asia, it looks like there's no reason for concern. However, this malware is able to affect non-jailbroken devices, so it is still a topic that needs to watched very closely.

Palo Alto Networks dubs this new malware YiSpecter, and as mentioned, it can affect stock devices (and jailbroken ones alike). Interestingly, it's the first malware the company's noted that abuses private APIs in iOS in order to get its job done. So far, the firm says that only users in China and Taiwan have been affected.

iOS Malware Internet Hijacking Large
One of YiSpecter's attack vectors is through traffic hijacking

Another reason for concern is the fact that this malware can be installed with the help of traffic hijacking, an SNS worm on Windows, offline app installation, and community promotion. The firm notes that as of today, Virus Total, a Web service that scans files from myriad virus scanners, only returns one detection (out of 47).

Because YiSpecter can take advantage of system APIs, it can pull off a number of different tasks, including replacing installed apps with infected ones, installing unique apps that it can hide from view, change Safari's default search engine, show advertisements, and so forth. Generally speaking, this would be a serious nuisance, and it's one that's taken about ten full months to discover.

Enterprise Certificates
Part of this malware, NoIcon, used an enterprise certificate

Palo Alto Networks notes that there exist 100 apps in the official App Store that abuse private APIs in much the same way as this malware, and despite Apple's strict code review, they've still managed to get through.

It's not mentioned whether or not Apple is on the case of squashing whatever bug allows these exploits to happen, but the company typically wastes no time on these things. Given what this malware can do, we'd have to imagine this time will be no different. If you want to read some serious depth into YiSpecter, be sure to hit up the link below (you might need two cups of coffee to finish).

Tags:  Mobile, Apple, iPhone, Malware, ios, NASDAQ: AAPL
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment