iOS Malware Exploits Chinks In Apple's Private API To Infect iPhones

By Peter R - 06 Oct '15 02:38AM

Security experts have uncovered new malware in apps downloaded from Apple's App Store.

According to ZDNet, the malware, 'YiSpecter', is the first to exploit private application programming interfaces (APIs) in Apple's iOS, which the company has not documented. The vulnerability was discovered by Palo Alto Networks, which counted at least 100 apps abusing private APIs.

"So far, the malware primarily affects iOS users in mainland China and Taiwan. It spreads via unusual means, including the hijacking of traffic from nationwide ISPs, an SNS worm on Windows, and an offline app installation and community promotion," the firm wrote on its website.

The malware's components were found to be signed with enterprise certificates, indicating abuse of private APIs.

The malware can do a number of things on infected devices, including launching full-screen advertisements when a user opens an app, downloading apps to replace existing apps, changing Safari's default search engine, and uploading device information to the attacker's server.

YiSpecter may be hard to remove manually, as its components hide from the user and automatically reappear after being deleted. The malware affects an iPhone whether jailbroken or carrier connected.

Palo Alto Networks has put out suggestions to help users block malicious traffic and to remove the worm.

In response to the published details of the worm, Apple reportedly said that it has fixed the issue in iOS 8.4 and that users running older versions of iOS remain vulnerable, while warning users not to download apps from untrusted sources.
