A new iOS malware threat has been detected that mostly seems to affect users living in China and Taiwan.
The YiSpecter malware was discovered by cybersecurity company Palo Alto Networks. It initially found its way onto iPhones by parading as a free porn app, before spreading through various other means such as the hijacking of traffic from national ISPs.
YiSpecter seems to have been active and in the wild for around 10 months now. Once it infects an iPhone, it can install unwanted apps, replace legitimate ones, force apps to display full-screen ads, change bookmarks and default search engines, and send user information back to its server.
It's also been found that manually deleting the app doesn't appear to get rid of it.
According to Palo Alto Networks (via TechCrunch), YiSpecter represents a new level of attack on iOS because of the way that it uses private APIs to enable its four components to download and install one another. It's also notable for its use of enterprise certificates to appear legitimate, and for its ability to infect jailbroken and non-jailbroken iPhones alike.
Three of those components are able to hide their icons from SpringBoard, the iOS app that runs your iPhone's home screen. As mentioned, they can also disguise themselves with the logos and names of legitimate apps.
While it seems unlikely to have affected iPhones here in the West, the original blog post on the matter contains steps to deal with the YiSpecter malware if your iPhone is infected, and they don't seem too laborious.
The main piece of advice, as ever, is to only download apps from trusted sources on the official App Store.
The arrival of this latest piece of iOS malware follows on from the recent XcodeGhost scare, which saw some 4,000 apps infected. There doesn't appear to be a link between the two.