New Tricky iPhone Malware Spreading In China And Taiwan

A new kind of malware that shows full-screen ads is thriving on Apple devices in China and Taiwan. The development follows reports last month that apps loaded with malware had to be removed from the company's App Store.


The malicious software, called YiSpecter, is reportedly able to "install and start random iOS apps, replace existing apps with those it downloads, hijack other apps to display ads, modify Safari's default search engine, bookmarks and open pages, and upload device information," according to US-based cyber security company Palo Alto Networks.

Victims of YiSpecter are reportedly tricked into infection by being led to download what appears to be a "private version" or "Version 5.0" of a popular but now defunct media player called QVOD.


In China, QVOD was popular for its ability to enable users to share pornographic content. Pornography is illegal in China, but there is a vast underground network of secret sites and third-party apps to circumvent those laws. The offices of the app developer, Kuaibo, were raided by police in 2014.

YiSpecter is able to make use of private application programming interfaces (APIs) to install itself on infected machines and then trick iOS's SpringBoard, the software that manages things like app icons on the home screen, to prevent users from removing it. The malware takes this deception a step further by using the same names and logos as system apps. It does not even need the iPhone or iPad to be jailbroken (the term used to describe the process of unlocking a device so that unauthorized apps can be installed).

Ryan Olson, director of threats at Palo Alto Networks, told The Wall Street Journal that the culprit appears to be a China-based mobile advertising service and that Apple had been made aware of this new threat.

The news comes two weeks after the XcodeGhost attack caused Apple to pull a large number of reliable, high-profile apps from its App Store in China.

