
iOS devices become vulnerable with YiSpecter

Written by Michael Katz

Palo Alto Networks, a cyber security firm, has identified new iOS malware called YiSpecter. The malware infects devices by abusing private APIs. It has mostly affected users in Taiwan and China.

Apple has confirmed to TechCrunch that YiSpecter cannot cause issues on iOS 9, which is why it is always recommended to stay updated to the latest version of iOS. YiSpecter can infect only iOS 8.3 and older, and only if users download apps from untrusted sources outside the App Store. Apple has also taken a further step to protect devices: it has revoked the certificates used by the apps distributing this malware.

According to the statement issued by Apple:

“This malware only affects users working on older versions of iOS who have the habit of downloading apps from untrusted sources. This malware was specifically addressed in iOS 8.4 and we have also blocked the identified apps distributing this malware. We advise our customers to stay in touch with the latest versions of iOS in order to get the latest security updates. We encourage our valued customers to only download apps from trusted sources like the App Store and take care of any warnings that come up while downloading the apps.”

YiSpecter acts quickly, making many changes once it infects a phone. It can install unwanted apps and replace trusted apps with ones it downloads. It can also change bookmarks, forcibly display full-screen advertisements, change the search engine in Safari, and send the user's information back to the server it came from. Even if users manually remove it from their iOS devices, it can reappear.

Palo Alto Networks said, “Among the iOS malware found so far, YiSpecter is unusual as it abuses the private APIs allowing its four components, which are signed with enterprise certificates in order to appear trusted, to download all four from their centralized server.” Three of the four components can hide their icons or disguise them with the names and logos of other apps in order to avoid detection. The malware has been infecting devices for over 10 months, but only one of the 57 security vendors on VirusTotal is able to detect it.

Claud Xiao, a security researcher at Palo Alto Networks, wrote in a post that abusing enterprise certificates and private APIs will not only lead to more infected devices but also forces the security barrier one step back.

YiSpecter first spread by disguising itself as an app that lets users view free porn. It then infected more devices through hijacked traffic from internet service providers, online communities where users install third-party apps in exchange for promotion fees, and a Windows worm that first attacked QQ.

Another piece of malware, XcodeGhost, was found to have infected 40 apps in the Chinese App Store last month. No relation between YiSpecter and XcodeGhost has been found yet.

Feature Image By Microsiervos via Flickr
