YiSpecter iOS Malware Infects Non-Jailbroken Devices; Fix Implemented in iOS 8.4

The existence of malware on Apple’s iOS platform is not exactly a new thing, contrary to the popular myth that iOS and OS X are bulletproof. With that said, iOS is one of the more secure mobile platforms compared to the competition, and it was previously claimed that a device could only come under attack if it was actually jailbroken. Unfortunately, that may no longer be the case thanks to a new strain of malware known as YiSpecter, which has been discovered to attack even non-jailbroken iOS devices. So, are your iPhone and iPad safe?

YiSpecter, described as the first malware of its kind, is able to download, install, and launch apps, replacing existing apps, displaying advertisements inside legitimate apps, changing Safari’s default search engine, and uploading user information to remote servers. To go about its business, the malware abuses private iOS APIs to gain access to the device and carry out its intent.


The strain originated in Taiwan and China and was installed through several methods, including hijacking traffic from ISPs, an SNS worm on Windows, and offline app installation. YiSpecter has actually been around for approximately ten months, and infections are currently known to be limited.

The internal DNA of the YiSpecter malware is quite intricate and involves four different components, all digitally signed with various enterprise certificates and all making use of private APIs. Those individual components work in conjunction with one another to set off a chain of downloads from a remote server. The malware is then instructed to hide its own icon from the iOS home screen so it doesn’t raise any suspicion with the owner of the device. For those who actually have the ability to see hidden icons, the developers behind YiSpecter have attempted to disguise the malicious nature of the installation by masquerading it as an official App Store installation.
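The two traits described above, enterprise-certificate distribution and a hidden Home screen icon, are both visible in static metadata extracted from an app bundle. The following triage script is an added example, not code from the article or from Palo Alto Networks; it assumes an unwrapped provisioning-profile dictionary (the plist normally sits inside a CMS signature in `embedded.mobileprovision`) and uses the Apple plist keys `ProvisionsAllDevices` and `SBAppTags`, which the article does not mention, to flag the risky combination on a constructed sample.

```python
import plistlib

# Constructed Info.plist standing in for one extracted from an app bundle.
SAMPLE_INFO_PLIST = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>CFBundleIdentifier</key><string>com.example.constructed.helper</string>
  <key>CFBundleDisplayName</key><string>App Store</string>
  <key>SBAppTags</key><array><string>hidden</string></array>
</dict></plist>"""

# Constructed provisioning-profile payload (assumed already unwrapped from
# its CMS signature). ProvisionsAllDevices marks in-house enterprise distribution.
SAMPLE_PROFILE = {
    "Name": "Constructed In-House Profile",
    "TeamName": "Constructed Team",
    "ProvisionsAllDevices": True,
}

# Display names that would imitate Apple's own store; constructed list.
MIMICKED_NAMES = {"app store", "appstore"}


def triage_app(info_plist_bytes, profile):
    """Return a list of human-readable findings for one app bundle."""
    info = plistlib.loads(info_plist_bytes)
    findings = []

    # Enterprise profiles install on any device without App Store review.
    if profile.get("ProvisionsAllDevices"):
        findings.append(
            "enterprise (in-house) distribution profile from team '%s'"
            % profile.get("TeamName", "unknown"))

    # SBAppTags containing "hidden" keeps the icon off the Home screen.
    if "hidden" in info.get("SBAppTags", []):
        findings.append("Info.plist requests a hidden Home screen icon (SBAppTags)")

    # A display name imitating the App Store suggests masquerading.
    if info.get("CFBundleDisplayName", "").strip().lower() in MIMICKED_NAMES:
        findings.append("display name imitates the App Store: %r"
                        % info["CFBundleDisplayName"])
    return findings


if __name__ == "__main__":
    for finding in triage_app(SAMPLE_INFO_PLIST, SAMPLE_PROFILE):
        print("[!]", finding)
```

A bundle that trips all three checks at once matches the pattern the article describes and is worth isolating for manual review.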

In response to the disclosure of YiSpecter, Apple released an official statement to The Loop explaining that YiSpecter is only able to target iOS users who are running an older version of its mobile operating system and have also downloaded content from untrusted sources:

“This issue only impacts users on older versions of iOS who have also downloaded malware from untrusted sources. We addressed this specific issue in iOS 8.4 and we have also blocked the identified apps that distribute this malware. We encourage customers to stay current with the latest version of iOS for the latest security updates. We also encourage them to only download from trusted sources like the App Store and pay attention to any warnings as they download apps.”

As for the underlying intent of the malware: YiSpecter is able to change the default search engine, replace installed apps with ones of its own choosing that are launched remotely to collect data and inputs, and upload the acquired information to a command and control server. The weakness within iOS that gives YiSpecter its access was recently discovered and has been patched with the release of iOS 9. Apple implemented fixes for YiSpecter in iOS 8.4, so iOS 8.4.1 is covered as well. To be clear, it only affects iOS 8.3 and below; 8.4 and above are safe. Yet another reason for iDevice users to upgrade to the latest firmware.


The bottom line: users who want to avoid being targeted by YiSpecter should upgrade to the latest version of iOS and, as always, avoid downloading apps from unverified sources.

(Source: Palo Alto Networks)