Summary

We recently identified a new Apple iOS malware and named it YiSpecter. YiSpecter is different from previously seen iOS malware in that it attacks both jailbroken and non-jailbroken iOS devices through unique and harmful malicious behaviors. Specifically, it’s the first malware we’ve seen in the wild that abuses private APIs in the iOS system to implement malicious functionalities. So far, the malware primarily affects iOS users in mainland China and Taiwan.
It spreads via unusual means, including the hijacking of traffic from nationwide ISPs, an SNS worm on Windows, and an offline app installation and community promotion. Many victims have discussed YiSpecter infections of their jailbroken and non-jailbroken iPhones in online forums and have reported the activity to Apple. The malware has been in the wild for over 10 months, but out of 57 security vendors in VirusTotal, only one is detecting the malware at the time of this writing.

YiSpecter consists of four different components that are signed with enterprise certificates. By abusing private APIs, these components download and install each other from a command and control (C2) server. Three of the malicious components use tricks to hide their icons from iOS’s SpringBoard, which prevents the user from finding and deleting them.

According to victims’ reports, all these behaviors have been exhibited in YiSpecter attacks in the past few months. Some other characteristics about this malware include:

• Whether an iPhone is jailbroken or not, the malware can be successfully downloaded and installed
• Even if you manually delete the malware, it will automatically re-appear
• Using third-party tools you can find some strange additional “system apps” on infected phones
• On infected phones, in some cases when the user opens a normal app, a full screen advertisement will show

YiSpecter is the latest in a line of significant malware families to target iOS devices. Previously, demonstrated the ability to infect non-jailbroken iOS devices by abusing enterprise certificates, and academic researchers have discussed how private APIs can be used to implement sensitive functionalities in iOS. However, YiSpecter is the first real-world iOS malware that combines these two attack techniques and causes harm to a wider range of users.
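The enterprise-certificate signing described above is visible to a defender in an app's provisioning profile. The following added example (not part of the original report) parses an `embedded.mobileprovision` blob and flags enterprise-distribution profiles issued to teams outside an allowlist. The sample profiles, team IDs and allowlist are constructed, and treating the `ProvisionsAllDevices` key as the enterprise marker is an assumption about Apple's profile format.

```python
import plistlib

def parse_profile(blob: bytes) -> dict:
    """Extract the XML plist carried in clear text inside the signed profile blob."""
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>", start)
    if start < 0 or end < 0:
        raise ValueError("no embedded plist found")
    return plistlib.loads(blob[start:end + len(b"</plist>")])

def classify(blob: bytes, trusted_teams: set) -> dict:
    """Label the distribution type and flag enterprise profiles from unknown teams."""
    p = parse_profile(blob)
    team = (p.get("TeamIdentifier") or ["?"])[0]
    if p.get("ProvisionsAllDevices"):      # assumption: set only on in-house profiles
        kind = "enterprise"
    elif "ProvisionedDevices" in p:        # explicit device list: development or ad hoc
        kind = "development/ad-hoc"
    else:
        kind = "app-store"
    return {
        "team": team,
        "team_name": p.get("TeamName"),
        "kind": kind,
        "flagged": kind == "enterprise" and team not in trusted_teams,
    }

def _sample(team_id: str, team_name: str, enterprise: bool) -> bytes:
    """Constructed test input: a plist wrapped in junk bytes standing in for the signature."""
    body = {"Name": "sample", "TeamIdentifier": [team_id], "TeamName": team_name}
    if enterprise:
        body["ProvisionsAllDevices"] = True
    else:
        body["ProvisionedDevices"] = ["0" * 40]
    return b"\x30\x82\x1f\x00hdr" + plistlib.dumps(body) + b"\x00sig"

if __name__ == "__main__":
    trusted = {"ABCDE12345"}               # constructed allowlist of the organization's own teams
    for blob in (_sample("ABCDE12345", "Example Corp", True),
                 _sample("ZZZZZ99999", "Unknown Ltd", True),
                 _sample("ZZZZZ99999", "Unknown Ltd", False)):
        print(classify(blob, trusted))
```

On a managed fleet, the same check can be run over profiles extracted from IPA files before they are approved for installation.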