There was a time when Apple products were considered immune to attack from anyone – even the most exceptionally talented of cyber criminals. However, unfortunately for Apple users this is no longer the case. While we have begun to see malware attacks on iPhones and iPads, it has always been considered a relatively low threat for those users who don’t download any apps other than those that are available via the iOS App Store (i.e. their devices aren’t ‘jailbroken’).
However, that was before YiSpecter appeared, the first real-world iOS malware that can infect both non-jailbroken and jailbroken devices. YiSpecter hooks into private APIs in iOS 8 and then uses a whole range of different tactics to spread itself far and wide. It can download, install and launch arbitrary iOS apps and replace apps that are already on a device with those downloads. It’s also capable of hijacking the execution of other apps on the phone in order to display adverts. The malware can change bookmarks and open pages, alter Safari’s default search engine and upload device information to a remote server. It’s pretty scary stuff, especially when you consider that the app can be installed not just on devices that have been jailbroken but on a normal, untampered device too. Worst of all, those who have encountered it have found that it will automatically reappear on a system, even if it has been manually deleted from it.
iOS malware-free history
Up until now we have seen iOS remain relatively malware free, partly because the Apple App Store is managed by humans and partly because there are simply more Android users in the world and so their devices have been more of a target for cybercriminals. Most experts agree that this is now going to change, though, and YiSpecter is not the first – and won’t be the last – attempt by attackers to get at the valuable data, and the hostage-taking control, that malware can enable. WireLurker is an example of an earlier piece of malware that successfully attacked non-jailbroken devices, as well as those that were jailbroken, by abusing enterprise certificates. YiSpecter is thought to be the next generation on from this. Insiders think YiSpecter has been in existence for at least 10 months, mostly in China and Taiwan.
Given the rise in these attacks, infrastructure and security management is becoming increasingly crucial for businesses. Managed network services can provide an efficient way to ensure that these kinds of threats are handled.