New malware infects non-jailbroken iPhones, is really difficult to remove

Andrea on October 8, 2015 - 12:29 pm in Apps


Just two weeks ago we told you about a rogue version of Xcode that helped hundreds of malicious apps sneak into the iOS App Store. Now another iOS attack has been uncovered, and it can infect non-jailbroken iPhones, just like XcodeGhost.

Researchers at Palo Alto Networks have named the new malware Yispecter, and, like most of the iOS malware we’ve learned about, it’s primarily targeting users in China. Specifically, it’s targeting users in China who enjoy viewing and sharing porn videos.

Yispecter has been floating around for nearly 10 months, and it’s only detected by one of the 57 virus engines that power VirusTotal’s service. It infects iPhones by abusing Apple’s enterprise app distribution system using a trio of compromised certificates. Payloads are delivered drive-by style, and Palo Alto suspects that some local Chinese ISPs may be assisting the criminals behind Yispecter. It’s believed that they may be using JavaScript injection to replace ordinary adverts with malicious ones.

Once a user has been tricked into installing Yispecter’s main package (which requires clicking “continue” in the alert dialog that appears), it goes resident and digs its claws in. It’ll replace certain legitimate apps it finds with infected versions, serve full-screen pop-up ads that appear when certain apps are launched, and fire up an HTTP server that listens for instructions and pulls down additional payloads when required. Try to remove Yispecter, and it’ll come back after a reboot.

While Yispecter offers additional confirmation that iOS devices aren’t bulletproof, you probably don’t need to be too worried about it. If you only download apps from the App Store you’re not in harm’s way. And if you’re smart enough to tap “quit” on the iOS alert, you’ll be OK, too.

Source: Apps – Geek.com

