New piece of iOS malware can install fake apps on iPhone and iPad

New piece of iOS malware can install fake apps on iPhone and iPad
While some still harbor a blasé attitude to digital security, the mobile community does appear to be paying more attention in this regard. With so many well-documented hacks and leaks of private information, it pays to think twice before downloading a potentially malicious file, or using a very basic, easy-to-guess password. Still, even with less ignorance and more information, the fight against malware is an ongoing one that will never end completely, as some iOS users in China and Taiwan have recently discovered firsthand. 

With Apple's mobile OS being a walled garden, it's sometimes perceived as a safe haven from malware, particularly when compared to close rival Android. But this assumption is simply incorrect, and a new piece of malware by the name of YiSpecter seems to have found its way into a number of Apple devices throughout Asia. 

Cyber security firm Palo Alto Networks reports that once YiSpecter gets its claws in, it gets to causing all manner of havoc; spoofing stock apps with those downloaded while hijacking others to display ads. YiSpecter's courtesies also extend to changing Safari's default search engine, modify bookmarks and uploading certain device information without a user's permission. 

There's no debating that a sizable amount of the Web's not-so-nice-ware uses pornography to bait its targets, and YiSpecter is one of them. QVOD was a China-based app that allowed users to share content of this nature, despite the fact that pornographic material is illegal in the country. With QVOD having shut up shop following a police raid last year, devotees are now being lured into downloading a fake 'new' version of the app, which is merely a ruse for our friend YiSpecter to infiltrate unsuspecting victims. 

There's a perception that iOS device owners are only vulnerable to intrusion if they happen to dabble in jailbreaking. While this process, like Android rooting, does give hackers a larger target to aim at, even stock iOS isn't completely foolproof. Capitalizing on the private API infrastructure, YiSpecter can spoof other apps and cause a lot of potential damage, irrespective of whether a device has been jailbroken or not. 

According to an Apple rep speaking with CNet, the vulnerability that allows YiSpecter to operate has been fixed with iOS 9. Running the latest software is one very easy defense against malware no matter what device you own. Also, sticking with official download channels -- in this case, the App Store -- will also help your device to stay clean. 


FEATURED VIDEO

65 Comments

1. RoboticEngi

Posts: 1251; Member since: Dec 03, 2014

So much for the "safe" OS......

2. pifon

Posts: 76; Member since: Jun 15, 2013

There is no safe OS... only iUsers feels like they are something more so they use this "phrase" along with others.

41. Jango

Posts: 376; Member since: Oct 24, 2014

Another day, another iPhone security breach

6. jeeta444

Posts: 154; Member since: Mar 24, 2014

Agree! in the recent time ios has become a hub of security flaws, bugs and malware attacks.

31. AlikMalix unregistered

Security flaws, bugs and malware is just same old news on Android, but recently there have been rewards offered for those that can remotely access iOS... But unlike Android users who have to wait or give up, latest patches for iOS are available to every individual in the world - so there's no reason to stay vulnerable...

42. Jango

Posts: 376; Member since: Oct 24, 2014

Not true. Android receives updates all the time for security fixes. Malware on the Play store get found and purged. Do your homework, instead of being the ever grateful Apple paying loyalist.

55. AlikMalix unregistered

Like I said, reporting android vulnerabilities as little as this one in China just makes no sense - it's way too usual. iOS it's so rare, and isolated that it actually braking news...

59. engineer-1701d unregistered

didnt google say something about doing security patch repairs every month like you would go to googles site somehow and update.

62. AlikMalix unregistered

any word on how is that going?

12. elitewolverine

Posts: 5192; Member since: Oct 28, 2013

no OS is safe, however the chances are slimmer I would garner in using ios than android.

15. engineer-1701d unregistered

what the hell did someone send out a request for bugs mal and virus, crap for the android and ios platforms this is annoying they need to catch them and terminate their worthless lifes

30. AlikMalix unregistered

Yes, there was an article that would pay Millions (up to 3) to gain access to iOS... Android, no need to take the effort - it's already "OPEN".... (trolling a little bit, but dont dismiss the point)...

43. Jango

Posts: 376; Member since: Oct 24, 2014

You obviously haven't read this http://www.bbc.co.uk/news/uk-34444233 Too much coolade buddy.

48. AlikMalix unregistered

What he described is exactly how they describe Stagefright... Either way, are we talking about government or non government hackers?

69. Jango

Posts: 376; Member since: Oct 24, 2014

We're discussing security. Involves hackers. Not their loyalties

52. Plutonium239

Posts: 1239; Member since: Mar 17, 2015

iOS is actually the second most vulnerable OS in current use.http://www.gfi.com/blog/most-vulnerable-operating-systems-and-applications-in-2014/

7. Podrick

Posts: 1285; Member since: Aug 19, 2015

iFans will thought its a feature. #iMalwaregate

9. darkkjedii

Posts: 31529; Member since: Feb 05, 2011

"Will thought"? iFans won't think you use proper grammar.

11. Podrick

Posts: 1285; Member since: Aug 19, 2015

Becoming a grammar nazi I see. Want some green thumbs? Pardon my grammar.

17. darkkjedii

Posts: 31529; Member since: Feb 05, 2011

Nahhh, but if you're gonna bash, at least use proper grammar.

23. Tizo101

Posts: 595; Member since: Jun 05, 2015

unfortunately for you - you just sound like any a**hole because not everyone was born speaking English. I'm also one of those.

24. darkkjedii

Posts: 31529; Member since: Feb 05, 2011

Thanx for the compliment, now get lost. Capitalize "unfortunately", next time you start a sentence with it.

33. AlikMalix unregistered

Stop it DJ, you gonna make him cry... Dude is trolling against people with efforts to offend you and gets all whiny "boo-hoo, english is my second language". You're a troll Tizo, you gonna get burned by those that disagree with your post...

35. darkkjedii

Posts: 31529; Member since: Feb 05, 2011

I'm gonna really grill him, if he keeps poking me Alik. He's been warned lol.

40. SirYar

Posts: 351; Member since: Jul 02, 2014

Watch out guys, the iPhoneArena grammar police is on the loose!

37. Tizo101

Posts: 595; Member since: Jun 05, 2015

I guess if you say I'm a troll then I must be. who disagrees with my post? and why?

38. AlikMalix unregistered

Tizo, I thought it was you posting in #7 (since you defended it with), I got confused.. nevermind about the troll comment it was toward Podrick.

39. Tizo101

Posts: 595; Member since: Jun 05, 2015

no stress, we are all passing time here ryt? anyway I also troll every once in a while so I'll just own it.

36. Tizo101

Posts: 595; Member since: Jun 05, 2015

so you really think I don't know that? I'm not in it to impress. get off your high horse. your privilege has made you think that you are better, truth is, you are not.

44. Jango

Posts: 376; Member since: Oct 24, 2014

But Obama is president. Job done. Now let's make fun of people who don't speak English as a first language in the comments section of a EUROPEAN website. Triple irony 1. African American's and non whites the world over are still fighting for equality. We of all people shouldn't get strong-headed over zealous grammatical corrections of non speakers. 2. English means it was the language of the ENGLISH men of England. They colonised America the way Africa was colonised. Let's not get uppity about capitalisations of 'unfortunately'. 3. This is a European website done in English and it's STILL a comments section. Why so serious? Facepalm....

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.