New Malware Targeting iOS Devices, Even Non-Jailbroken Ones
By Jef Cozza / CRM Daily
If you thought that keeping your iPhone un-jailbroken and installing only apps approved for the Apple App Store kept your device safe, think again. A new piece of malware named YiSpecter, discovered by security firm Palo Alto Networks, abuses private iOS APIs to infect even devices that have not been jailbroken.

“It’s the first malware we’ve seen in the wild that abuses private APIs in the iOS system to implement malicious functionalities,” Claud Xiao, a security researcher at Palo Alto Networks, wrote on the company’s blog. Unlike previous malware targeting iOS devices, YiSpecter can threaten both jailbroken and non-jailbroken devices.

Unusual Transmission Methods

The malware has been active in the wild for more than 10 months, but so far most antivirus vendors still do not detect it. At the moment, YiSpecter appears to be largely confined to iOS devices in China and Taiwan.

YiSpecter spreads through some rather unusual channels: hijacked Internet service provider traffic, offline app installation, and community promotions. The malware consists of four components, each signed with an enterprise certificate. Any one component can download the remaining components from a command-and-control (C2) server and install them using private iOS APIs, so none of the components ever passes through App Store review.

“Three of the malicious components use tricks to hide their icons from iOS’ SpringBoard, which prevents the user from finding and deleting them,” Xiao said. “The components also use the same name and logos of system apps to trick iOS power users.”
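The two traits described above, enterprise signing and a hidden SpringBoard icon, are both visible in an app bundle's static metadata, so a triage script can flag them before an IPA is ever installed. The following is an added example, not code from the article or from Palo Alto Networks. It assumes the Info.plist keys `SBAppTags` (containing `hidden`) and `LSUIElement` are the icon-hiding mechanism (the article names none), that `ProvisionsAllDevices` in the embedded provisioning profile identifies enterprise distribution, and a small illustrative list of system-app names; the sample IPAs are constructed in memory and the profile's CMS signature is carved around rather than verified.

```python
import io
import plistlib
import re
import zipfile
from typing import Optional

# Carves the XML plist out of a CMS/DER-wrapped .mobileprovision. The wrapper
# is opaque binary; the profile body is a plain XML plist inside it.
PLIST_RE = re.compile(rb"<\?xml.*?</plist>", re.DOTALL)

# Assumed (illustrative) system-app names a malicious component might borrow;
# the article says only that YiSpecter reused system app names and logos.
SYSTEM_APP_NAMES = {"Phone", "Weather", "Game Center", "Passbook", "Settings"}


def parse_mobileprovision(data: bytes) -> dict:
    """Extract the profile plist. Signature verification is out of scope here."""
    m = PLIST_RE.search(data)
    if not m:
        raise ValueError("no plist found in provisioning profile")
    return plistlib.loads(m.group(0))


def classify_profile(profile: dict) -> str:
    """Enterprise (in-house) profiles provision all devices; ad-hoc and
    development profiles carry an explicit device list. App Store builds have
    no embedded profile at all, which the caller handles."""
    if profile.get("ProvisionsAllDevices"):
        return "enterprise"
    if profile.get("ProvisionedDevices"):
        ents = profile.get("Entitlements", {})
        return "development" if ents.get("get-task-allow") else "ad-hoc"
    return "app-store"


def icon_hiding_keys(info: dict) -> list:
    """Info.plist keys that keep an app off SpringBoard (assumption: these are
    the commonly abused keys; the article names no mechanism)."""
    found = []
    tags = info.get("SBAppTags")
    if isinstance(tags, list) and "hidden" in tags:
        found.append("SBAppTags=hidden")
    if info.get("LSUIElement") in (True, 1, "1"):
        found.append("LSUIElement")
    return found


def triage_ipa(ipa_bytes: bytes) -> dict:
    """Static triage of one IPA: distribution channel, icon hiding, name abuse."""
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as z:
        names = z.namelist()
        info_name = next(n for n in names
                         if re.fullmatch(r"Payload/[^/]+\.app/Info\.plist", n))
        app_dir = info_name.rsplit("/", 1)[0] + "/"
        info = plistlib.loads(z.read(info_name))
        result = {
            "bundle_id": info.get("CFBundleIdentifier", ""),
            "name": info.get("CFBundleDisplayName") or info.get("CFBundleName", ""),
            "hidden_icon": icon_hiding_keys(info),
            "distribution": "app-store",
            "team": None,
        }
        prov_name = app_dir + "embedded.mobileprovision"
        if prov_name in names:
            profile = parse_mobileprovision(z.read(prov_name))
            result["distribution"] = classify_profile(profile)
            result["team"] = profile.get("TeamName")
    flags = []
    if result["distribution"] == "enterprise":
        flags.append("enterprise-signed, bypasses App Store review")
    if result["hidden_icon"]:
        flags.append("hides icon from SpringBoard")
    if result["name"] in SYSTEM_APP_NAMES and not result["bundle_id"].startswith("com.apple."):
        flags.append("impersonates system app name")
    result["flags"] = flags
    return result


def build_ipa(info: dict, profile: Optional[dict]) -> bytes:
    """Construct a minimal IPA in memory (sample input, not a real app)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Demo.app/Info.plist", plistlib.dumps(info))
        if profile is not None:
            # opaque bytes on both sides stand in for the CMS/DER signature wrapper
            body = b"\x30\x82\x05\xd1\x06\x09" + plistlib.dumps(profile) + b"\xa0\x82\x00\x10"
            z.writestr("Payload/Demo.app/embedded.mobileprovision", body)
    return buf.getvalue()


# Constructed samples: an enterprise-signed component that hides its icon and
# borrows a system-app name, and a plain App Store-style build with no profile.
SUSPICIOUS_IPA = build_ipa(
    {"CFBundleIdentifier": "com.example.weatherx", "CFBundleDisplayName": "Weather",
     "SBAppTags": ["hidden"]},
    {"Name": "in-house profile", "TeamName": "Example Co", "ProvisionsAllDevices": True,
     "Entitlements": {"get-task-allow": False}},
)
CLEAN_IPA = build_ipa(
    {"CFBundleIdentifier": "com.example.notes", "CFBundleDisplayName": "Notes Lite"},
    None,
)

if __name__ == "__main__":
    for label, ipa in (("suspicious", SUSPICIOUS_IPA), ("clean", CLEAN_IPA)):
        print(label, triage_ipa(ipa))
```

On a real device or MDM export the same checks apply to the installed provisioning profiles: any profile with `ProvisionsAllDevices` set that the organisation did not issue is worth a closer look, because that is exactly the signing path YiSpecter's four components use.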

A Deadly Combination

Once installed on a device, YiSpecter can download, install, and launch arbitrary apps, hijack other apps' execution, and upload device information to the command-and-control server. Even if users manually delete the malware, it automatically reappears on their devices. Some users also report new full-screen advertisements when opening their other apps.

The discovery of YiSpecter follows the WireLurker malware, identified the previous November, which also targeted non-jailbroken iOS devices by using enterprise certificates. And last month, more than 4,000 apps on the Apple App Store were found to be infected with the XcodeGhost malware.

But YiSpecter is the first piece of malware that has successfully combined the use of enterprise certificates with the manipulation of private APIs to implement sensitive functionalities in iOS. The result is a piece of malware that is potentially far more dangerous than anything seen before. “It pushes the line barrier of iOS security back another step,” Xiao said.

Apple has been notified about the malware, and Palo Alto Networks has released IPS and DNS signatures that block YiSpecter's network traffic. Apple has also tightened enterprise certificate handling in the recently released iOS 9, which requires users to explicitly trust the enterprise developer in Settings before an enterprise-provisioned app will run. That prompt only helps if the user declines it, so the social-engineering channels YiSpecter relies on remain a risk for users who trust whatever they are told to trust.

© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.