It seems Apple has to fight continuous threat that are trying to infect iOS devices. After XCodeGhost, YiSpecter Malware has got its way to iOS. PaloAlto Networks has found new virus that are infecting iOS devices, both jailbroken as well as non-jailbroken. It abuses private APIs in the iOS system to implement malicious functionalities, they added. Mainly Chinese and Taiwanese users are affected by YiSpecter Malware.
When the device is infected, YiSpecter can change browsers’ default search engine, display annoying ads, download and install malicious apps, replace existing app with the downloaded apps, open unwanted pages on browser, upload device details on C2 servers etc., and there are many malicious stuffs that it can do without users’ permission.
PaloAlto also reported that YingMob Interaction Enterprise is behind this YiSpecter Malware. It has been developed by them, three components out of four are signed by them, even they found README.md file that has the same name mentioned. YiSpecter’s C2 Server has hosted some websites that belongs to YingMob.
How to remove YiSpecter Malware from iOS
Along with finding the malware, PaloAlto also informed how infected users can remove it.
- Remove any app installed with these name on your iOS device : 情涩播放器”, “快播私密版” or “快播
- Go to Settings -> General -> Profiles, and remove all untrusted, unknown and doubtful profiles
- iTunes won’t help in this issue. So you need to use any third-party iOS management tool, like iFunBox on Windows or Mac OS X, and connect your iOS device
- You can check all installed iOS apps in Management tool; if you find apps with such names, like Phone, Weather, Game Center, Passbook, Notes, or Cydia, delete them. Don’t get confused, this process will not remove or affect System apps, but only infected apps or the apps YiSpecter has installed or replaced.
TechCrunch contacted Apple about this issue and Apple gave these statement:
This issue only impacts users on older versions of iOS who have also downloaded malware from untrusted sources. We addressed this specific issue in iOS 8.4 and we have also blocked the identified apps that distribute this malware. We encourage customers to stay current with the latest version of iOS for the latest security updates. We also encourage them to only download from trusted sources like the App Store and pay attention to any warnings as they download apps.
It means you must update your iOS device to the latest version. Using older version could be the reason to get infected. However, Apple didn’t say anything about older models that cannot be updated to iOS 9. So you need to follow the removal process that we mentioned to get rid of the infection.