YiSpecter malware affects both jailbroken and non-jailbroken iOS devices and abuses APIs for malicious activity.
How does YiSpecter infect non-jailbroken devices, and what is the best way to defend against it?
YiSpecter malware may seem like a relatively low-risk threat to enterprise users, one that only targets users in China. However, the in-depth investigation performed by Palo Alto Networks shows how several individually low-risk security issues can, together, completely compromise the security of a non-jailbroken iOS device. It looks much like early Windows adware, with affiliates, install tracking and ad injection among its features, and it carries many of the same risks.
YiSpecter infects non-jailbroken -- and jailbroken -- devices by abusing the enterprise distribution mechanism for iOS: it uses an app signed with a legitimate enterprise certificate that the user agrees to install. The user installs the malicious app thinking she is installing a video player or a "free" version of non-free software. Once it is installed on the device, it uses private APIs to install additional malware that replaces legitimate applications and to protect itself from removal. It is hidden from the list of installed apps and named similarly to legitimately installed apps. It also starts showing new ads on the device.
Palo Alto Networks stated the best way to defend against YiSpecter is to only download iOS apps from the official Apple iOS App Store or from an enterprise-managed internal app store. Users should resist the urge to obtain free versions of commercial software or free access to non-free content. Palo Alto Networks has published IPS signatures to help enterprises detect compromised devices. Apple was notified of the compromised enterprise certificates and said it has blocked the specific apps that were spreading the YiSpecter malware. Apple also said older versions of iOS are vulnerable to the malware, and that users should upgrade to iOS 8.4 to protect themselves.
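A defender-side triage check for the enterprise-distribution abuse described above, added here as an example (not from the original answer or from Palo Alto Networks' research): it parses the provisioning profile an iOS app bundle carries (`embedded.mobileprovision`, shown here as a constructed plist payload) and flags apps signed under an enterprise profile whose team identifier is not one of the organisation's own. The team IDs, app identifier and names are constructed placeholders.

```python
import plistlib
from datetime import datetime, timezone

# Constructed sample of the plist payload inside an embedded.mobileprovision.
# Real files are CMS-signed; unwrap first (e.g. `security cms -D -i <file>`
# on macOS or `openssl smime -verify -noverify -inform DER -in <file>`).
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Name</key><string>Free Video Player (constructed)</string>
  <key>TeamName</key><string>Example Corp (constructed)</string>
  <key>TeamIdentifier</key><array><string>ABCDE12345</string></array>
  <key>ProvisionsAllDevices</key><true/>
  <key>ExpirationDate</key><date>2030-01-01T00:00:00Z</date>
  <key>Entitlements</key><dict>
    <key>application-identifier</key>
    <string>ABCDE12345.com.example.player</string>
    <key>get-task-allow</key><false/>
  </dict>
</dict></plist>"""

def classify_profile(profile_bytes):
    """Return the distribution type and key facts of a provisioning profile."""
    p = plistlib.loads(profile_bytes)
    if p.get("ProvisionsAllDevices"):
        kind = "enterprise"          # in-house distribution: runs on any device
    elif "ProvisionedDevices" in p:
        kind = "ad-hoc"              # limited to the listed device UDIDs
    else:
        kind = "app-store"           # App Store profiles list no devices
    exp = p.get("ExpirationDate")    # plistlib yields a naive UTC datetime
    now = datetime.now(timezone.utc).replace(tzinfo=None)
    return {
        "kind": kind,
        "teams": list(p.get("TeamIdentifier", [])),
        "app_id": p.get("Entitlements", {}).get("application-identifier"),
        "expired": bool(exp) and exp < now,
    }

def triage(profile_bytes, trusted_teams):
    """Mark for review any enterprise-signed app not from an allowlisted team."""
    info = classify_profile(profile_bytes)
    untrusted = info["kind"] == "enterprise" and not (
        set(info["teams"]) & set(trusted_teams))
    info["verdict"] = "review" if (untrusted or info["expired"]) else "ok"
    return info

if __name__ == "__main__":
    # trusted_teams holds the IDs of the organisation's own enterprise certs
    print(triage(SAMPLE_PROFILE, trusted_teams={"ZZZZZ99999"}))
```

In an MDM or inventory pipeline the same check can be run over every app's profile; any "review" verdict for a user-installed enterprise app is a candidate for the removal and upgrade steps above.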