YiSpecter Malware attacks iOS devices
A new piece of malware called YiSpecter was recently identified. What does it do? It gets onto iOS devices and abuses private APIs in the system. Users from China and Taiwan complained and reported the problem to Apple, and they are expecting a quick solution. Is it harmful? You have no idea how much. YiSpecter abuses your device’s system and then carries out malicious behaviors.
What exactly does YiSpecter malware do?
For now, only users from China and Taiwan are affected, but the malware spreads very fast. YiSpecter can be a nightmare. If your device gets infected by the malware, it can start installing applications and programs you never wanted to install. It can even delete all the apps and programs from your device and replace them with some random apps.
It will change absolutely everything you had on your phone or iPad. For example, your browsing history and bookmarks will suddenly disappear. You will hate your apps, because the only thing they will do is show full-screen advertisements. It will seem impossible to get rid of the malware even after you delete it from your phone or iPad.
What you need to know about YiSpecter is that it is composed of four separate, individual parts. Once your device gets infected, all four parts will automatically be downloaded and installed on your device, and you can’t do anything to stop them. It is a lot more complicated than you think, because you can’t just delete them one by one.
Three of these parts use special tricks to hide their icons from sight, so it is almost impossible to find and get rid of them. Besides that, you can easily be tricked, because the malware uses logos and names from apps that are already installed on your iOS device.
Here is what Claud Xiao (a security researcher from Palo Alto Networks) said: “by abusing enterprise certificates and private APIs, YiSpecter is not only able to infect more devices, but pushes the line barrier of iOS security back another step.” He also said that this is not something new: users have been dealing with this problem for more than 10 months.
As mentioned above, YiSpecter can really mess up your device and get you into trouble if you are not careful. The bad thing is that it uploads all your information to one server (the C2, or command-and-control, server).
This is what you need to know about YiSpecter:
- The YiSpecter malware can easily be downloaded and installed on jailbroken and non-jailbroken iOS devices;
- It is not possible to delete it, because it will appear and install itself over and over again;
- Every time you open an existing or newly installed app, you will get a full-screen advertisement;
- It can change default search engines.
We still don’t know how many users have been infected by the YiSpecter malware, but we assume that the number is huge, since it has been affecting iOS devices since November last year. If you weren’t familiar with that, the malware was first launched to users as a “private” application called QVOD that allowed users to watch and share porn videos for free.
That was when users first got infected by this malware: they installed the QVOD app and infected their iOS devices. After that, YiSpecter started spreading through online communities where people downloaded and installed third-party apps to get fees from app developers. Then users got infected through hijacked traffic and a Windows worm.
In the past, only jailbroken devices were at risk of being attacked by malware, but that is not what happened this time. YiSpecter showed us that even non-jailbroken iOS devices can be attacked and infected too. Is this only a test? We don’t know yet.
That is a huge problem that might bring Apple’s reputation down. YiSpecter is the first malware that was able to attack both jailbroken and non-jailbroken iOS devices. This means that Apple’s devices are not as secure and protected as we thought.
Apple has always talked about how important safety and protection are, so let’s hope that it will remove the malware from iOS devices. This matters especially because Apple users have always considered the company’s security system to be one of the most effective ones. It is something that affects all iOS users, because it causes harm to a huge range of devices.
Is it possible to manually remove the YiSpecter malware?
Since the problem has only affected users in China and Taiwan, Palo Alto Networks was able to take some action to block the YiSpecter malware. But there is also a simple process of four steps that will help you remove the malware from your devices. You just need to follow all the steps carefully. Here is what you need to do when your device is infected with YiSpecter:
- The first step is to open Settings, then choose General and then Profiles. Once there, get rid of all the unknown profiles you see.
- If you see any applications that have the following names: (情涩播放器, 快播私密版, 密版), delete them immediately. They are malicious and contain the YiSpecter malware.
- To connect your smartphone or iPad to a Windows or Mac device, use a third-party management tool (iFunBox, for example).
- Last but not least, check all the apps on your device. If you see other apps that you didn’t install, delete them, because they are fake and malicious.
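The four checks above can also be run over an exported app and profile inventory, for example when several devices need reviewing. The following is an added example, not part of the original article: the inventory layout, the field names (`name`, `bundle_id`, `source`), the bundle IDs and the profile names are all constructed; only the three app names come from the article.

```python
import unicodedata
from collections import defaultdict

# App names the article lists as carrying YiSpecter (copied from the page).
LISTED_NAMES = {"情涩播放器", "快播私密版", "密版"}

def norm(name):
    """Fold case, width and stray whitespace so look-alike names compare equal."""
    return unicodedata.normalize("NFKC", name).strip().casefold()

def triage(apps, profiles, known_profiles):
    """Return (kind, identifier, reason) findings that mirror the manual steps."""
    findings, by_name = [], defaultdict(list)
    listed = {norm(n) for n in LISTED_NAMES}
    for app in apps:
        by_name[norm(app["name"])].append(app)
        if norm(app["name"]) in listed:
            findings.append(("app", app["bundle_id"], "name listed in the article"))
    # The article notes the malware reuses names of apps already installed:
    # one display name under several bundle IDs deserves a closer look.
    for group in by_name.values():
        if len({a["bundle_id"] for a in group}) > 1:
            for a in group:
                if a["source"] != "app_store":
                    findings.append(("app", a["bundle_id"], "reuses another app's name"))
    # Settings > General > Profiles: anything the owner does not recognise.
    for profile in profiles:
        if profile not in known_profiles:
            findings.append(("profile", profile, "unknown profile"))
    return findings

# Constructed sample inventory (hypothetical field names and identifiers).
SAMPLE_APPS = [
    {"name": "Weather", "bundle_id": "com.example.weather", "source": "app_store"},
    {"name": "weather ", "bundle_id": "com.example.wthr", "source": "enterprise"},
    {"name": "快播私密版", "bundle_id": "com.example.placeholder", "source": "enterprise"},
    {"name": "Notes", "bundle_id": "com.example.notes", "source": "app_store"},
]
SAMPLE_PROFILES = ["Example Corp MDM", "Unrecognised Vendor"]
KNOWN_PROFILES = {"Example Corp MDM"}

if __name__ == "__main__":
    for finding in triage(SAMPLE_APPS, SAMPLE_PROFILES, KNOWN_PROFILES):
        print(*finding, sep="\t")
```

A finding is a prompt for manual review on the device, not proof of infection: a legitimate enterprise app can share a name with a store app.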
The best way to stay protected from this type of iOS malware is to never download apps from unknown developers. The safest place to download your iOS apps is the official Apple App Store. Sometimes even apps from the App Store can be dangerous, but this time Apple is trying to improve its methods in order to prevent this kind of security issue.