Gone are the days when iOS malware reports were a rare thing. Following a wave of malware attacks on the iPhone and iPad – including a massive App Store hack and an Apple ID theft operation – a new security report reveals there’s dangerous malware in the wild that can harm any iPhone, iPad or iPod touch regardless of whether they’re jailbroken or not.
Called YiSpecter, the malware app was discovered by security company Palo Alto Networks, the same entity that first detailed the XcodeGhost hack.
YiSpecter can infiltrate any iOS device via a variety of means, posing as a genuine Apple-signed app once installed. Once on your iOS device, the app can then make itself invisible to the user by disguising itself as an actual iOS app, or hiding itself from the home screen – which means the user has no means of deleting it.
“On infected iOS devices, YiSpecter can download, install and launch arbitrary iOS apps, replace existing apps with those it downloads, hijack other apps’ execution to display advertisements, change Safari’s default search engine, bookmarks and opened pages, and upload device information to the C2 [command and control] server,” the researchers revealed.
Even if manually deleted, the malware will automatically re-appear.
There are many ways of installing YiSpecter on the phone, including hijacking traffic from nationwide ISPs, a worm on Windows, offline app installations, and community promotions. The app takes advantage of Apple’s enterprise certificates: four app components are signed with them, which fools the operating system into believing it’s a genuine app.