Shortly after news of the XcodeGhost attack broke, a new malware family dubbed YiSpecter was discovered infecting iOS devices. According to reports, the malware can install itself on both jailbroken and non-jailbroken iOS devices. YiSpecter is the first iOS malware known to abuse Apple's private APIs, which lets attackers compromise iOS devices, including unmodified, un-jailbroken ones, without going through the official App Store. It was found to have been active for almost 10 months, mostly affecting users in China and Taiwan.
[READ: Malware-Laced Xcode Tool Used to Infect iOS Apps]
YiSpecter uses several novel techniques to spread. Active since at least November 2014, it first masqueraded as apps that let users stream pornographic videos. It has since propagated by hijacking traffic at nationwide ISPs, through offline app installations, through a social-networking (SNS) worm running on Windows machines, and through community promotions. The malware sidestepped Apple's code review entirely: it is distributed outside the App Store under enterprise certificates, and it relies on private APIs for functionality that App Store review would reject.
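The enterprise-certificate channel described above leaves a trace on the app itself: an app signed for in-house distribution carries an embedded.mobileprovision whose ProvisionsAllDevices key is set, whereas ad hoc and development builds list specific device UDIDs and App Store deliveries carry no profile at all. The following Python script is an added example, not code from the original article or from any YiSpecter analysis. It carves the plist out of a provisioning profile, classifies the distribution type, and flags the combination a reviewer cares about (enterprise profile plus a wildcard application identifier, which lets one certificate sign any number of payloads). The sample profiles are constructed, the filler bytes only stand in for the CMS envelope, and treating every enterprise profile on a consumer device as suspicious is this example's assumption, not a claim about YiSpecter's own profile.

```python
"""Classify an iOS provisioning profile (embedded.mobileprovision) so that an
enterprise-distributed app can be told apart from App Store, ad hoc and
development builds.  Added example; the sample profiles below are constructed."""
import plistlib
import zipfile
from datetime import datetime, timezone
from typing import Optional

XML_START = b"<?xml"
PLIST_END = b"</plist>"


def extract_plist(blob: bytes) -> dict:
    """embedded.mobileprovision is a CMS/PKCS#7 signed message whose payload is
    an XML plist.  Apple's signature is not verified here (iOS does that on
    install); the plist is carved out by locating its start and end markers."""
    start = blob.find(XML_START)
    if start < 0:
        raise ValueError("no XML plist inside provisioning profile")
    end = blob.find(PLIST_END, start)
    if end < 0:
        raise ValueError("truncated plist inside provisioning profile")
    return plistlib.loads(blob[start:end + len(PLIST_END)])


def classify_profile(profile: dict) -> str:
    """ProvisionsAllDevices is only present in in-house (enterprise) profiles;
    ProvisionedDevices lists the UDIDs an ad hoc or development profile is
    limited to; a distribution profile with neither is an App Store profile."""
    if profile.get("ProvisionsAllDevices"):
        return "enterprise"
    if profile.get("ProvisionedDevices"):
        entitlements = profile.get("Entitlements", {})
        return "development" if entitlements.get("get-task-allow") else "adhoc"
    return "appstore"


def assess_profile(blob: bytes, now: Optional[datetime] = None) -> dict:
    """Return the facts worth checking before trusting a sideloaded app."""
    profile = extract_plist(blob)
    now = now or datetime.now(timezone.utc)
    expires = profile["ExpirationDate"]
    if expires.tzinfo is None:          # plistlib loads dates as naive UTC
        expires = expires.replace(tzinfo=timezone.utc)
    app_id = profile.get("Entitlements", {}).get("application-identifier", "")
    kind = classify_profile(profile)
    return {
        "type": kind,
        "team": profile.get("TeamName", ""),
        "app_id": app_id,
        # A wildcard identifier means the profile can sign any app the team
        # builds, so one enterprise certificate can service many payloads.
        "wildcard": app_id.endswith(".*"),
        "expired": expires <= now,
        # Assumption of this example: an enterprise profile on a consumer
        # device (not an employer-managed one) warrants a closer look.
        "suspicious": kind == "enterprise",
    }


def assess_ipa(path: str) -> Optional[dict]:
    """Find embedded.mobileprovision inside an .ipa; App Store deliveries
    are re-signed by Apple and carry none, so None means 'store build'."""
    with zipfile.ZipFile(path) as ipa:
        for name in ipa.namelist():
            if name.startswith("Payload/") and name.endswith(".app/embedded.mobileprovision"):
                return assess_profile(ipa.read(name))
    return None


def make_sample_profile(**fields) -> bytes:
    """Constructed sample: a plist wrapped in filler bytes that stand in for
    the DER/CMS envelope a real profile has."""
    base = {
        "AppIDName": "Example",
        "CreationDate": datetime(2014, 11, 1, tzinfo=timezone.utc),
        "ExpirationDate": datetime(2015, 11, 1, tzinfo=timezone.utc),
        "Name": "Example Profile",
        "TeamName": "Example Team Ltd",          # fictitious
        "TeamIdentifier": ["ABCDE12345"],        # fictitious
        "Entitlements": {"application-identifier": "ABCDE12345.*"},
    }
    base.update(fields)
    return b"\x30\x82\x10\x00" + plistlib.dumps(base) + b"\x00" * 16


ENTERPRISE_SAMPLE = make_sample_profile(ProvisionsAllDevices=True)
ADHOC_SAMPLE = make_sample_profile(ProvisionedDevices=["00008030-000000000000002E"])

if __name__ == "__main__":
    check_time = datetime(2015, 10, 5, tzinfo=timezone.utc)
    for label, blob in (("enterprise", ENTERPRISE_SAMPLE), ("adhoc", ADHOC_SAMPLE)):
        print(label, assess_profile(blob, now=check_time))
```

Point assess_ipa at an .ipa pulled from a device or a download cache; a result of type "enterprise" with a wildcard application identifier on a personal device is the configuration that deserves investigation.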
Once installed on an iOS device, the malware can download, install, and launch apps, replace existing apps, hijack advertisements, change the browser's default search engine, and upload device information to a command-and-control (C&C) server. It has also been observed reappearing after being deleted manually.
Apple has recently issued a statement:
“This issue only impacts users on older versions of iOS who have also downloaded malware from untrusted sources. We addressed this specific issue in iOS 8.4 and we have also blocked the identified apps that distribute this malware. We encourage customers to stay current with the latest version of iOS for the latest security updates. We also encourage them to only download from trusted sources like the App Store and pay attention to any warnings as they download apps.”
This incident is a reminder that, while Apple is renowned for its walled-garden approach, iOS is not free from security risks, and users must still take preventive measures. Despite these “holes in the wall”, the recommendation remains to install apps only from the official App Store. An app that arrives from anywhere else under an enterprise certificate is exactly the channel this malware used: if iOS prompts you to trust an unknown enterprise developer, decline, and review the profiles already present on the device under Settings > General > Profiles (called Device Management on newer versions of iOS).
Finally, users should always update their OS and apps to the latest versions to reduce their exposure to unpatched vulnerabilities. As Apple states above, iOS users who have updated to iOS 8.4 or later should be safe from this issue.