x PhoneArena is hiring! Reviewer in the USA

New piece of iOS malware can install fake apps on iPhone and iPad

Posted: , posted by Ben R.

Tags :

New piece of iOS malware can install fake apps on iPhone and iPad
While some still harbor a blasé attitude to digital security, the mobile community does appear to be paying more attention in this regard. With so many well-documented hacks and leaks of private information, it pays to think twice before downloading a potentially malicious file, or using a very basic, easy-to-guess password. Still, even with less ignorance and more information, the fight against malware is an ongoing one that will never end completely, as some iOS users in China and Taiwan have recently discovered firsthand. 

With Apple's mobile OS being a walled garden, it's sometimes perceived as a safe haven from malware, particularly when compared to close rival Android. But this assumption is simply incorrect, and a new piece of malware by the name of YiSpecter seems to have found its way into a number of Apple devices throughout Asia. 

Cyber security firm Palo Alto Networks reports that once YiSpecter gets its claws in, it gets to causing all manner of havoc; spoofing stock apps with those downloaded while hijacking others to display ads. YiSpecter's courtesies also extend to changing Safari's default search engine, modify bookmarks and uploading certain device information without a user's permission. 

There's no debating that a sizable amount of the Web's not-so-nice-ware uses pornography to bait its targets, and YiSpecter is one of them. QVOD was a China-based app that allowed users to share content of this nature, despite the fact that pornographic material is illegal in the country. With QVOD having shut up shop following a police raid last year, devotees are now being lured into downloading a fake 'new' version of the app, which is merely a ruse for our friend YiSpecter to infiltrate unsuspecting victims. 

There's a perception that iOS device owners are only vulnerable to intrusion if they happen to dabble in jailbreaking. While this process, like Android rooting, does give hackers a larger target to aim at, even stock iOS isn't completely foolproof. Capitalizing on the private API infrastructure, YiSpecter can spoof other apps and cause a lot of potential damage, irrespective of whether a device has been jailbroken or not. 

According to an Apple rep speaking with CNet, the vulnerability that allows YiSpecter to operate has been fixed with iOS 9. Running the latest software is one very easy defense against malware no matter what device you own. Also, sticking with official download channels -- in this case, the App Store -- will also help your device to stay clean. 


65 Comments
  • Options
    Close





Want to comment? Please login or register.

Latest stories