New piece of iOS malware can install fake apps on iPhone and iPad

While some still harbor a blasé attitude to digital security, the mobile community does appear to be paying more attention in this regard. With so many well-documented hacks and leaks of private information, it pays to think twice before downloading a potentially malicious file, or using a very basic, easy-to-guess password. Still, even with less ignorance and more information, the fight against malware is an ongoing one that will never end completely, as some iOS users in China and Taiwan have recently discovered firsthand. 

With Apple's mobile OS being a walled garden, it's sometimes perceived as a safe haven from malware, particularly when compared to close rival Android. But this assumption is simply incorrect, and a new piece of malware by the name of YiSpecter seems to have found its way into a number of Apple devices throughout Asia. 

Cyber security firm Palo Alto Networks reports that once YiSpecter gets its claws in, it causes all manner of havoc: spoofing stock apps with ones it has downloaded, while hijacking others to display ads. YiSpecter's courtesies also extend to changing Safari's default search engine, modifying bookmarks and uploading certain device information without a user's permission. 

There's no debating that a sizable amount of the Web's not-so-nice-ware uses pornography to bait its targets, and YiSpecter is one of them. QVOD was a China-based app that allowed users to share content of this nature, despite the fact that pornographic material is illegal in the country. With QVOD having shut up shop following a police raid last year, devotees are now being lured into downloading a fake 'new' version of the app, which is merely a ruse for our friend YiSpecter to infiltrate unsuspecting victims. 

There's a perception that iOS device owners are only vulnerable to intrusion if they happen to dabble in jailbreaking. While this process, like Android rooting, does give hackers a larger target to aim at, even stock iOS isn't completely foolproof. Capitalizing on the private API infrastructure, YiSpecter can spoof other apps and cause a lot of potential damage, irrespective of whether a device has been jailbroken or not. 

According to an Apple rep speaking with CNet, the vulnerability that allows YiSpecter to operate has been fixed with iOS 9. Running the latest software is one very easy defense against malware no matter what device you own. Sticking with official download channels -- in this case, the App Store -- will also help your device stay clean. 



65 Comments

73. flipjzn

Posts: 257; Member since: Jun 22, 2012

Meh! 1.) ios 8.4 fixed this 2.) you have to allow/approve installation before it can take effect. 3.) mostly affected users are in mainland china and taiwan. 4.) ios 9.0.2 is out.

61. 99nights

Posts: 1152; Member since: Mar 10, 2015

It's only going to get worse for apple users considering how popular it's become.

47. iMichael unregistered

We have premium malware not crappy malware!

51. AlikMalix unregistered

Let me fix it for you: We have nearly non existing malware not like Android malware... The fact that apps start on their own on Android and when popular apps like BBM launch there are 7 fake ones ALL with malware before BB was able to even launch their real one - should really speak for itself...

72. Jango

Posts: 376; Member since: Oct 24, 2014

Do you use the internet at all? Or is your online experience limited to Apple's app store only? See where I'm going with this? Fake websites, fake user profiles, fake clothes, fake facebook accounts, fake news stories, fake pictures, fake watches... etc etc etc. The moral of this comment is that you have to use your brain/common sense and live in the FREE world instead of putting blind faith on censorship and praising it. the free world or app environment allows developers, the majority of whom are not making malware, to freely build and publish apps quickly.

26. LookyKai

Posts: 25; Member since: Sep 12, 2015

China?? not again..

22. AlikMalix unregistered

Why does news like this always and only involve China... What is it with Chinese and trying to bypass paying for a legitimate app or service? They make the mess of the ecosystem in China themselves and blame Manufacturers like Apple for it...

25. Tizo101

Posts: 644; Member since: Jun 05, 2015

I think you forgot about NSA in America and the world at large... what's worse is the fact that malware attacked governments unlike the Asian malware that goes after the common individual.

29. AlikMalix unregistered

Huh? You mentioned NSA in America... yeah, they don't bother Google to hand over access, but for some reason Apple is continuously fighting them for the user's right... but please elaborate... Malware attacked governments? why? and huh? All Malware goes after the common individual, not just in china... common individual can (and should) take up measures, by buying a device least likely to be infected, has instant security patches, and stick with a platform that gives you the ability to control what Apps are allowed to do on your device especially stay away from devices where apps often launch themselves and run in background for no reason (hint hint). And keep your hands out of the cookie jar (don't be a smart ass and take the effort to sideload apps just to save $0.99 cents - it's designed to be difficult on purpose).

46. Jango

Posts: 376; Member since: Oct 24, 2014

Then you must be referring to a Blackberry, right? Please give me an honest reply. Of course you won't. It's laughable to hear hipsters like you passing the iPhone off as 'secure' or 'most secure'. If you gave a damn about security, you'd get a Blackberry or an Android device locked for security, by Silent Circle etc.

49. AlikMalix unregistered

What I described was iOS, everything I said in post #29 is about iOS... Wasn't talking about Blackberry... iOS is MORE secure than Android... more so because you have control of what's on your phone and how it's allowed to work.

71. Jango

Posts: 376; Member since: Oct 24, 2014

Not true. Your post stated that one should get a smartphone that is more secure. It isn't an iPhone.

28. elitewolverine

Posts: 5192; Member since: Oct 28, 2013

Because of the tight controls in China. Imagine being told what you can do, way more than the government you are in already do.

32. DnB925Art

Posts: 1168; Member since: May 23, 2013

Because they (Chinese) spend all their money (and maybe sell a kidney or some sperm) to get an iPhone but don't have any money left to pay for apps. /s You know I'm also lightheartedly trolling ya AlikMalix ;P But in all seriousness no platform is 100% secure. If man can make it, man can break it.

34. AlikMalix unregistered

Hehe, I kinda felt the "kidney for iPhone" joke was coming... But on a serious note, are iPhones programmed differently in china? Does the Chinese gmnt require a backdoor for you to sell phones there? (thought I saw an article about that somewhere)... And Tim Cook recently did make a statement that a "back door for the good guy will be also used by bad guy". Was he talking about Chinese government or the fact that US Gvnmt is trying to force Apple to give them access....

21. MrElectrifyer

Posts: 3960; Member since: Oct 21, 2014

Haha, yet another proof of what those with at least half a brain have been saying for over a decade; there's no cure for the PEBCAK malware, learn to think before you click and you'll be safe...always happy when examples of that same message from over a decade ago surface. Sadly, iSheeps and MacTards have been and still are denying reality until it bites them, and that same BS of "Macs don't get Viruses" is still being used in retail stores to sell Macs...

19. TechieXP1969

Posts: 14967; Member since: Sep 25, 2013

IMO jailbreaking is just dumb. Why go through all the pain to take a perfectly running device, and install risky havocing garbage onto a device. Based on my experience, just installing Cydia made the device run quirky, slow and apps crashed even more. The process itself is so convoluted too. For Android, if you want to ruin a perfectly good running device, at least it's far less complicated and it's something you can buy a cheap device that you can just use on wifi and test things out before trying to do it on your everyday device. I keep a S3/S4 around to play with sideloading questionable things to see what I'm in for. But I don't sideload apps on my everyday driver. Anyone who does, whether they use iOS, Android or any locked down OS is just dumb.

16. Fire5

Posts: 315; Member since: Feb 13, 2015

Insects and worms 3Dpremiun

14. ZeroCide

Posts: 819; Member since: Jan 09, 2013

This is a new feature.

13. SirYar

Posts: 351; Member since: Jul 02, 2014

Premium malware.

45. Jango

Posts: 376; Member since: Oct 24, 2014

You win the internet

7. Podrick

Posts: 1285; Member since: Aug 19, 2015

iFans will thought its a feature. #iMalwaregate

9. darkkjedii

Posts: 31798; Member since: Feb 05, 2011

"Will thought"? iFans won't think you use proper grammar.

11. Podrick

Posts: 1285; Member since: Aug 19, 2015

Becoming a grammar nazi I see. Want some green thumbs? Pardon my grammar.

17. darkkjedii

Posts: 31798; Member since: Feb 05, 2011

Nahhh, but if you're gonna bash, at least use proper grammar.

23. Tizo101

Posts: 644; Member since: Jun 05, 2015

unfortunately for you - you just sound like any a**hole because not everyone was born speaking English. I'm also one of those.

24. darkkjedii

Posts: 31798; Member since: Feb 05, 2011

Thanx for the compliment, now get lost. Capitalize "unfortunately", next time you start a sentence with it.

33. AlikMalix unregistered

Stop it DJ, you gonna make him cry... Dude is trolling against people with efforts to offend you and gets all whiny "boo-hoo, english is my second language". You're a troll Tizo, you gonna get burned by those that disagree with your post...

35. darkkjedii

Posts: 31798; Member since: Feb 05, 2011

I'm gonna really grill him, if he keeps poking me Alik. He's been warned lol.

40. SirYar

Posts: 351; Member since: Jul 02, 2014

Watch out guys, the iPhoneArena grammar police is on the loose!
