2 min read

China Advertising Malware Puts iPhones at Risk, Researchers Say

Răzvan MUREȘAN

October 05, 2015

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
China Advertising Malware Puts iPhones at Risk, Researchers Say

Harmful software allegedly originating from China is capable of infecting Apple’s jailbroken and non-jailbroken iOS devices, according to researchers at Palo Alto Networks.

“YiSpecter, a new Apple iOS malware, is different from previously seen iOS malware in that it attacks both jailbroken and non-jailbroken iOS devices through unique and harmful malicious behaviors. Specifically, it’s the first malware we’ve seen in the wild that abuses private APIs in the iOS system to implement malicious functionalities”, researchers claim.

The malware primarily affects iOS users in mainland China and Taiwan and spreads via unusual means, including the hijacking of traffic from nationwide ISPs, an SNS worm on Windows, and an offline app installation and community promotion.

Many victims have discussed YiSpecter infections of their jailbroken and non-jailbroken iPhones in online forums and have reported the activity to Apple. The malware has been in the wild for over 10 months, but out of 57 security vendors in VirusTotal, only one is detecting the malware at the time of this writing.

On infected iOS devices, YiSpecter can download, install and launch arbitrary iOS apps, replace existing apps with those it downloads, hijack other apps’ execution to display advertisements, change Safari’s default search engine, bookmarks and opened pages, and upload device information to the C2 server. According to victims’ reports, all these behaviors have been exhibited in YiSpecter attacks in the past few months.

Here is a list of features of YiSpecter malware:

  • Whether an iPhone is jailbroken or not, the malware can be successfully downloaded and installed
  • Even if you manually delete the malware, it will automatically re-appear
  • Using third-party tools you can find some strange additional “system apps” on infected phones
  • On infected phones, in some cases when the user opens a normal app, a full screen advertisement will show

“YiSpecter is the latest in a line of significant malware families to target iOS devices. Previously, the malware WireLurker demonstrated the ability to infected non-jailbroken iOS devices by abusing enterprise certificates, and academic researchers have discussed how private APIs can be used to implement sensitive functionalities in iOS”, researchers say. “However, YiSpecter is the first real world iOS malware that combines these two attack techniques and causes harm to a wider range of users. It pushes the line barrier of iOS security back another step”.

Moreover, recent research shows that over 100 apps in the App Store have abused private APIs and bypassed Apple’s strict code review. The attacking technique of abusing private APIs can also be used separately and can affect all normal iOS users who only download apps from the App Store.

tags


Author



Right now

Top posts

The Holiday Guide to Tech Support: Fixing the Family Computer

The Holiday Guide to Tech Support: Fixing the Family Computer

November 24, 2021

2 min read
Bitdefender Celebrates 20 Years of Cybersecurity Leadership

Bitdefender Celebrates 20 Years of Cybersecurity Leadership

November 04, 2021

3 min read
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords

October 26, 2021

3 min read
What are drive-by download attacks and how do you prevent them?

What are drive-by download attacks and how do you prevent them?

October 25, 2021

2 min read
Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

Criminals Can't Wait to Add Your IoT Device to Their DDoS Networks

October 22, 2021

2 min read
Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

Six in 10 Consumers Faced a Cyber Threat in 2021, New Bitdefender Study Reveals

October 20, 2021

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Common Credentials Criminals Use in IoT Dictionary Attacks Revealed Common Credentials Criminals Use in IoT Dictionary Attacks Revealed
Silviu STAHIE

November 30, 2021

3 min read
Interpol Busts 1,000 Cyber Crooks and Recovers $27M in Massive Fraud Crackdown Interpol Busts 1,000 Cyber Crooks and Recovers $27M in Massive Fraud Crackdown
Filip TRUȚĂ

November 29, 2021

2 min read
Social media firms will be forced to unmask online trolls, says Australia Social media firms will be forced to unmask online trolls, says Australia
Graham CLULEY

November 29, 2021

2 min read