China's YiSpecter malware bypasses Apple iOS security to infect iPhones and iPads
A dangerous piece of malware named YiSpecter is infecting Apple iPhones and iPads despite Apple's platform security. It sidesteps the App Store's code review entirely, arriving as enterprise-signed apps installed from outside the store. Apple responded quickly, however, saying it has already blocked the apps distributing YiSpecter.
Apple also said it implemented fixes for YiSpecter in iOS 8.4. This means iOS 8.4.1 and iOS 9 should be safe from the malware, according to Mac Rumors.
A clever piece of work, YiSpecter infects both jailbroken and non-jailbroken Apple devices by abusing enterprise certificates and private APIs, or application programming interfaces, said TechCrunch. An enterprise certificate lets a company sign and distribute in-house apps to its own devices without App Store review; private APIs are internal iOS interfaces that Apple does not permit third-party apps to call. APIs in general specify how software components interact and consist of the protocols and tools used to build software applications.
Palo Alto Networks, which revealed the extent of this threat over the weekend, said YiSpecter installs unwanted apps on infected iOS devices. The malware then replaces legitimate apps with any of its four malicious components and sends device and user information back to the attackers' servers, among other activity.
A particularly dangerous feature of YiSpecter is its "zombie-like" ability to reappear after users manually delete it from their iOS devices: its components hide their icons from the home screen and reinstall one another, so deleting the visible app alone does not clean the device.
What is most worrisome, Palo Alto said, is the technique YiSpecter relies on. Separately, the company has identified about 100 apps in the App Store that abuse private APIs and have found a way around Apple's strict code review, which means the same trick can reach iPhone and iPad users who only install apps from Apple's official App Store.
Palo Alto said YiSpecter is unusual in attacking iOS devices by abusing private APIs. Combining misused enterprise certificates with private APIs lets YiSpecter infect more devices, and it also "pushes the line barrier of iOS security back another step", said Palo Alto researcher Claud Xiao.
"What that means is the attacking technique of abusing private APIs can also be used separately and can affect all normal iOS users who only download apps from the App Store”.
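The two abuses described above, enterprise-signed distribution and calls into private APIs, are both things a defender can triage for. The following Python is an added example written for this page, not code from Palo Alto Networks, Apple or the malware's authors. It assumes an app's distribution type can be read from the `ProvisionsAllDevices` and `ProvisionedDevices` keys of its `embedded.mobileprovision`, that a static review catches private API use by scanning the binary's selector strings (a simplification of how such review is believed to work, not Apple's actual tooling), and uses a short illustrative list of `LSApplicationWorkspace` selectors of the kind YiSpecter used to install apps. All sample profiles and binaries below are constructed stand-ins; the team identifier and device UDID are made up.

```python
"""Triage checks for YiSpecter-style abuse (added example, not the page's code).

1. provisioning_profile_kind: is the app enterprise-signed (runs on any device,
   no App Store review) rather than store- or ad-hoc-distributed?
2. find_private_selectors: does the binary's selector table name private APIs?
The second check also shows why string scanning alone is weak: selectors built
at runtime from fragments never appear whole in the binary.
"""
import plistlib
import re
from typing import Optional, Set

# Illustrative private selectors/classes (LSApplicationWorkspace is a private
# MobileCoreServices class that can install and launch apps). Not exhaustive.
PRIVATE_SELECTORS = {
    "installApplication:withOptions:",
    "uninstallApplication:withOptions:",
    "openApplicationWithBundleID:",
}
PRIVATE_CLASSES = {"LSApplicationWorkspace"}


def provisioning_profile_kind(profile_bytes: bytes) -> str:
    """Classify an embedded.mobileprovision by its plist payload.

    A real profile is a CMS (PKCS#7) signature wrapping an XML plist. Only the
    plist is parsed here; the signature is NOT verified, so treat the result as
    a triage hint, not a trust decision.
    """
    start = profile_bytes.find(b"<?xml")
    end = profile_bytes.find(b"</plist>")
    if start < 0 or end < 0:
        raise ValueError("no plist payload found in profile")
    plist = plistlib.loads(profile_bytes[start:end + len(b"</plist>")])
    if plist.get("ProvisionsAllDevices"):
        return "enterprise"              # in-house distribution: any device
    if plist.get("ProvisionedDevices"):
        return "development-or-adhoc"    # limited to listed UDIDs
    return "store"                       # neither key: store-style profile


def find_private_selectors(macho_bytes: bytes) -> Set[str]:
    """Extract NUL-terminated printable strings (what __objc_methname and
    __objc_classname hold) and intersect with the private list."""
    found = {s.decode("ascii", "ignore")
             for s in re.findall(rb"[\x20-\x7e]{4,}", macho_bytes)}
    return found & (PRIVATE_SELECTORS | PRIVATE_CLASSES)


def triage(profile: Optional[bytes], binary: bytes) -> dict:
    """Combine both checks. No profile at all is what a store-installed app
    looks like, so it is treated as 'store'."""
    kind = provisioning_profile_kind(profile) if profile else "store"
    hits = find_private_selectors(binary)
    return {"distribution": kind,
            "private_api_hits": sorted(hits),
            "suspicious": kind == "enterprise" or bool(hits)}


def _wrap(plist: dict) -> bytes:
    # Constructed stand-in for a CMS-wrapped profile: opaque bytes around the
    # plist so the extraction code has something to skip over.
    return b"\x30\x82\x01\x00CMS-HEADER" + plistlib.dumps(plist) + b"SIGNATURE-BYTES"


# Constructed samples (identifiers are hypothetical).
ENTERPRISE_PROFILE = _wrap({"Name": "In-House Player", "ProvisionsAllDevices": True,
                            "TeamIdentifier": ["ABCDE12345"]})
ADHOC_PROFILE = _wrap({"Name": "Beta", "ProvisionedDevices": ["00008030-000000000000000E"]})

# App that calls the private API directly: whole selector string is present.
NAIVE_APP = (b"\x00init\x00installApplication:withOptions:\x00"
             b"LSApplicationWorkspace\x00dealloc\x00")

# App that assembles the selector at runtime (e.g. NSSelectorFromString on
# concatenated fragments): no whole private string exists, so the scan misses it.
OBFUSCATED_APP = (b"\x00init\x00install\x00Application:\x00withOptions:\x00"
                  b"LSApplication\x00Workspace\x00dealloc\x00")

if __name__ == "__main__":
    print("enterprise + naive     :", triage(ENTERPRISE_PROFILE, NAIVE_APP))
    print("enterprise + obfuscated:", triage(ENTERPRISE_PROFILE, OBFUSCATED_APP))
    print("store + obfuscated     :", triage(None, OBFUSCATED_APP))
```

The last case is the one the Palo Alto quote warns about: a store-distributed app whose private API calls are hidden from a string scan looks clean to this kind of static check. Catching it needs runtime observation (hooking `NSSelectorFromString`/`objc_msgSend` on a test device) rather than more string signatures.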
Palo Alto said YiSpecter originated in China and Taiwan, making it the second China-made malware to target Apple's iOS devices in as many months. In September, another Chinese malware called XcodeGhost infected some 4,000 apps in the App Store in China.
Palo Alto Networks said there’s nothing to show XcodeGhost and YiSpecter are related or were created by the same hacking group. YiSpecter spread by pretending to be an app allowing users to view free online porn.
To prevent further damage from YiSpecter, Apple urges users to upgrade to its newest iOS release immediately, saying the malware affects only users running older iOS versions.
"This issue only impacts users on older versions of iOS who have also downloaded malware from untrusted sources. We addressed this specific issue in iOS 8.4 and we have also blocked the identified apps that distribute this malware.
“We encourage customers to stay current with the latest version of iOS for the latest security updates. We also encourage them to only download from trusted sources like the App Store and pay attention to any warnings as they download apps”, said Apple.