Malware is something we are all used to hearing about and contrary to the popular myth that iOS and OS X are bulletproof, we have heard that YiSpecter malware can infect your devices. Now we all know that as a mobile platform, iOS is a lot more secure than the competition, and over the years attacks have only happened on devices that were jailbroken. These are the devices that have been liberated from Apple’s tight security. Unfortunately, that might no longer be the case thanks to a new strain of malware known as YiSpecter, which has been found to attack non-jailbroken iOS devices.
YiSpecter is a recently discovered malicious form of malware and it is the first of its kind. In order to do what it does, this malware uses and abuses a private API in order to gain access to your device and unleash damage. The strain has actually been around for about ten months now and is currently known to be limited to users in China and Taiwan. YiSpecter manages to gain access and spread by hijacking ISP traffic, an additional strain of malware on the Windows platform, and offline application installation.
The internal DNA of this malware is quite intricate and it involves four different components that have all been digitally signed by various enterprise certificates. Those individual components work in conjunction with one another to set off a chain of downloads that originate from a remote server. The malware is then instructed internally to hide its own icons from the iOS home screen so that it doesn’t raise suspicion. For those that actually have the ability to access hidden icons, the developers behind YiSpecter have attempted to mask their malicious malware by masquerading it as an official App Store installation.
In terms of what this malware can do, it is fairly far reaching. YiSpecter is able to change the default search engine in Safari, replace installed apps with ones of its own that have been downloaded remotely to collect data and inputs, as well as upload the information it steals to a control center server.
Now for the good news, we have received work that the vulnerability within iOS that allows access to YiSpecter has been patched with the release of iOS 9 and it can only affect iOS 8.3 and below. iOS 8.4 and above are safe so if you want to protect your device from this malware be sure to upgrade your firmware to a safe version.