Breaking News

ASUS Unveils ProArt PA401, PA602 Wood Edition PC Cases with Retro Colors Synology Releases DiskStation Manager 7.3 Shuttle Introduces DH810 Compact Mini PC with Intel Core Ultra Processors Elgato Debuts Supersized Prompter XL for Studio Use Thermaltake Launches AW360/420 AIO Liquid Cooler and WAir CPU Cooler for Workstations

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Malware Attacks Non-jailbroken Apple iOS Devices

Malware Attacks Non-jailbroken Apple iOS Devices

Smartphones Oct 5,2015 0

Researchers at Palo Alto Networks have recently discovered 'YiSpecter', a malware ppearing to come from an advertising company in China capable of infecting Apple’s mobile devices. YiSpecter attacks both jailbroken and non-jailbroken iOS devices through unique and harmful malicious behaviors. Specifically, it’s the first malware the researchers have seen in the wild that abuses private APIs in the iOS system to implement malicious functionalities.

So far, the malware primarily affects iOS users in mainland China and Taiwan. It spreads via unusual means, including the hijacking of traffic from nationwide ISPs, an SNS worm on Windows, and an offline app installation and community promotion.

YiSpecter consists of four different components that are signed with enterprise certificates. By abusing private APIs, these components download and install each other from a command and control (C2) server. Three of the malicious components use tricks to hide their icons from iOS’s SpringBoard, which prevents the user from finding and deleting them. The components also use the same name and logos of system apps to trick iOS power users.

On infected iOS devices, YiSpecter can download, install and launch arbitrary iOS apps, replace existing apps with those it downloads, hijack other apps’ execution to display advertisements, change Safari’s default search engine, bookmarks and opened pages, and upload device information to the C2 server. According to victims’ reports, all these behaviors have been exhibited in YiSpecter attacks in the past few months. Some other characteristics about this malware include:

  • Whether an iPhone is jailbroken or not, the malware can be successfully downloaded and installed
  • Even if you manually delete the malware, it will automatically re-appear
  • Using third-party tools you can find some strange additional "system apps" on infected phones
  • On infected phones, in some cases when the user opens a normal app, a full screen advertisement will show

Moreover, recent research shows that over 100 apps in the App Store have abused private APIs and bypassed Apple’s strict code review. What that means is the attacking technique of abusing private APIs can also be used separately and can affect all normal iOS users who only download apps from the App Store.

Palo Alto Networks has released IPS and DNS signatures to block YiSpecter’s malicious traffic.

Tags: malwareios
Previous Post
Facebook To Offer Satellite Internet To Africans
Next Post
European High Court To Issue Privacy Ruling On Tuesday Affecting U.S. Tech Companies

Related Posts

  • iOS 17 is available today

  • Apple announces iPadOS 16, watchOS 9 and macOS Ventura

  • Here’s everything new in the first betas of iOS 15.4 and iPadOS 15.4

  • iOS 15 is available today

  • iOS 15 brings new ways to stay connected and powerful features that help users focus, explore, and do more with on-device intelligence

  • Apple advances its privacy leadership with iOS 15, iPadOS 15, macOS Monterey, and watchOS 8

  • iOS 14.5 released

  • Intel and Microsoft Convert Malware to Images to Spot Threads Faster

Latest News

ASUS Unveils ProArt PA401, PA602 Wood Edition PC Cases with Retro Colors
Cooling Systems

ASUS Unveils ProArt PA401, PA602 Wood Edition PC Cases with Retro Colors

Synology Releases DiskStation Manager 7.3
Enterprise & IT

Synology Releases DiskStation Manager 7.3

Shuttle Introduces DH810 Compact Mini PC with Intel Core Ultra Processors
Enterprise & IT

Shuttle Introduces DH810 Compact Mini PC with Intel Core Ultra Processors

Elgato Debuts Supersized Prompter XL for Studio Use
Consumer Electronics

Elgato Debuts Supersized Prompter XL for Studio Use

Thermaltake Launches AW360/420 AIO Liquid Cooler and WAir CPU Cooler for Workstations
Cooling Systems

Thermaltake Launches AW360/420 AIO Liquid Cooler and WAir CPU Cooler for Workstations

Popular Reviews

be quiet! Dark Mount Keyboard

be quiet! Dark Mount Keyboard

Terramaster F8-SSD

Terramaster F8-SSD

be quiet! Light Mount Keyboard

be quiet! Light Mount Keyboard

be quiet! Light Base 600 LX

be quiet! Light Base 600 LX

be quiet! Pure Base 501

be quiet! Pure Base 501

Soundpeats Pop Clip

Soundpeats Pop Clip

Akaso 360 Action camera

Akaso 360 Action camera

Dragon Touch Digital Calendar

Dragon Touch Digital Calendar

Main menu

  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed