Researchers at Palo Alto Networks have named the new malware YiSpecter, and, like most of the iOS malware we’ve learned about, it’s primarily targeting users in China. Specifically, it’s targeting users in China who enjoy viewing and sharing porn videos.
Once a user has been tricked into installing YiSpecter’s main package (which requires clicking “continue” in the alert dialog that appears), it goes resident and digs its claws in. It’ll replace certain legitimate apps it finds with infected versions, serve full-screen pop-up ads that appear when certain apps are launched, and fire up an HTTP server that listens for instructions and pulls down additional payloads when required. Try to remove YiSpecter, and it’ll come back after a reboot.
While YiSpecter offers additional confirmation that iOS devices aren’t bulletproof, you probably don’t need to be too worried about it. If you only download apps from the App Store, you’re not in harm’s way. And if you’re smart enough to tap “quit” on the iOS alert, you’ll be OK, too.