A new malware called YiSpecter has been found that affects both jailbroken as well as non-jailbroken devices in Taiwan and China. Once a device is infected, YiSpecter allows the installation of unwanted apps, replaces legitimate apps, and displays full-screen advertisements amongst creating other chaos. The malware has been in the wild for over 10 months, and almost every security suite fails to detect it.
Just two weeks after researchers found several apps featuring XcodeGhost malware on the China App Store, security firm Palo Alto Networks reports about a new malware for iOS that can launch arbitrary iOS apps, force ads as well as change bookmarks and default search engine in Safari. Furthermore, the malware can also send user information back to its server. If that wasn't alarming enough, do note that it's not easy to get rid of the malware, as it reappears after you delete it.
The firm noted that YiSpecter is unusually different from any other malware we've seen on iOS over the years. And that begins right off with how it spreads. It began as an app that allows users to view free porn then infects those devices. It then hijacks traffic from ISPs to infect more devices. It also exists as a Windows worm that affects an IM service, and at last its roots have also been found on online communities and forums where its fake promotions are done.
(Also See: Apple's iOS App Store Suffers First Major Attack)
Also, the malware affects both jailbroken and non-jailbroken devices by manipulating with private APIs. The APIs in question consist of four components that are signed with enterprise certificates to look authentic and download each other from a centralised server. Three of these components hide their icons from iOS SpringBoard, the app that runs the home screen, and use fake aliases to fool security suites.
The malware appears just two weeks after at least more than three dozen malicious apps were found in the App Store, potentially affecting as many as millions of users. The security firm reports that it has identified 23 different samples of YiSpecter, many of which have been publicly available since last year. Apple is yet to acknowledge the existence of this malware.