Malware Attacking iOS Devices

We were always told that iOS products were special for a number of reasons, but especially because they were impervious to virus and malware. Boy oh boy how times have changed.

Cybersecurity firm Palo Alto Networks has identified new malware, which it calls YiSpecter, that infects iOS devices by abusing private APIs. Most affected users live in China and Taiwan.

Once it infects a phone, YiSpecter can install unwanted apps; replacing legitimate apps with ones it has downloaded; force apps to display full-screen advertisements; change bookmarks and default search engines in Safari; and send user information back to its server. It also automatically reappears even after users manually delete it from their iOS devices.

Palo Alto Networks says YiSpecter is unusual for iOS malware—at least ones that have been identified so far—because it attacks jailbroken and non-jailbroken iOS devices by misusing private APIs to allow its four components (which are signed with enterprise certificates to appear legitimate) to download and install each other from a centralized server.

In the post, Palo Alto Networks’ security researcher Claud Xiao wrote that by abusing enterprise certificates and private APIs, YiSpecter is not only able to infect more devices, but “pushes the line barrier of iOS security back another step.”