YiSpecter iOS 9 Malware

Many users who move to OS X and iOS for the first time wrongly believe that these platforms are impenetrable and therefore safe from viruses and malware. However, anyone who follows this kind of news knows that malware attacking iOS is not new. We do accept that iOS 9 is a lot more secure than Android or Windows, and most iOS devices found infected with malware have been jailbroken. That looks set to change, as a new malware strain called YiSpecter has been found attacking non-jailbroken iOS devices.

Image: YiSpecter malware found in iOS 9

The recently discovered YiSpecter malware is the first to show this ability. It attacks a device by abusing a private API to gain access to the iOS device and then carries out its business. This malware strain has been in the wild for around 10 years and is reportedly limited to users in Taiwan and China as of now. YiSpecter spreads to other devices and gains access by hijacking ISP traffic, offline app installation, and adding another malware on Windows.

Image: YiSpecter disguised iOS 9 malware

If you dig into the DNA of this malware, you will find that it is quite complicated: it includes four distinct parts that have been digitally signed with several enterprise certificates. All four components work together to initiate a chain of downloads that originates from a remote server. The malware is then instructed to hide its icons from the iOS Home screen so as not to raise the suspicions of the device user. For advanced users who can easily find hidden icons, the developer of the malware has tried to mask YiSpecter and display it as an official App Store application.

Image: YiSpecter on infected devices

As far as intent is concerned, YiSpecter seems to have a long-term aim behind this attack. The malware can modify the default search engine in the Safari browser, and it can replace installed apps with ones that it downloads remotely, in order to collect inputs and data and upload the acquired information to the malware's control server. However, a recent discovery shows that iOS 9 has patched the vulnerability that enables YiSpecter to attack. So in case you are concerned, the malware can attack iOS 8.3 and below. If you are running one of those vulnerable versions, it is time to update to iOS 9.

Source: Palo Alto Networks

Update: iOS 9 apps infected by the earlier XcodeGhost iOS 9 malware have been detected in the Apple App Store. The affected apps are listed on Apple’s website and include popular apps like WeChat. Pangu Team has released the XcodeGhost Removal Tool, which detects infected apps installed on your device and suggests removing them. You can download it here, along with instructions on how to use it.

2 thoughts on “YiSpecter iOS 9 Malware”

  1. Does this only apply to iOS 9? Cuz now I’m a little bit scared cuz I use WeChat ALL THE TIME. That and I’m using an iPad mini so I’d like to know when it will stop receiving updates please thanks.

    • It works on all iOS versions, including the latest iOS 9. Apple sent out this update recently, and they are going to ask developers to update their apps. A WeChat update must be coming soon, so you may delete WeChat for the time being if you use it.
