New iOS malware tricks its way onto iPhones in China and Taiwan

iPhone users who attempt to download a fake app in China and Taiwan have been infected with a new form of malware. Sarah Tew/CNET

A new species of malware that shows fullscreen ads is flourishing on Apple devices in China and Taiwan. The development follows reports last month that apps loaded with malware had to be purged from the company’s App Store.

The malicious software, dubbed YiSpecter, is reportedly able to “install and launch arbitrary iOS apps, replace existing apps with those it downloads, hijack other apps’ execution to display advertisements, change Safari’s default search engine, bookmarks and opened pages, and upload device information,” according to US-based cybersecurity firm Palo Alto Networks.

Victims of YiSpecter are reportedly infected after being persuaded to download what appears to be a “private version” or “version 5.0” of a popular but now defunct media player, QVOD.

In China, QVOD was popular for its ability to allow users to share pornographic content. Pornography is illegal in China but there exists a vast underground network of hidden sites and third-party apps to circumvent such laws. The offices of the app’s developer, Kuaibo, were raided by police in 2014.

YiSpecter uses private application programming interfaces (APIs) to install itself on infected devices and then tricks iOS’ SpringBoard, the software that manages things like app icons on the home screen, to prevent users from deleting it. The malware takes this deception a step further by using the same names and logos as system apps. It does not even require the iPhone or iPad to be jailbroken, the term used to describe the process of unlocking a device so you can install unauthorized apps.

“We advise customers to stay current and only download content from the App Store and trusted sources,” an Apple spokesperson told CNET. “This particular vulnerability was indeed fixed in iOS 9.0.”

Ryan Olson, Palo Alto Networks’ director of threat intelligence, told The Wall Street Journal that the culprit seems to be a China-based mobile advertisement service and that Apple had been notified of this new threat.

The news comes two weeks after the XcodeGhost attack caused Apple to pull a host of trusted, high-profile apps from its Chinese app store.
