A new threat is looming and users of iPads and iPhones may not be safe from the malware dubbed YiSpecter.
Researchers from Palo Alto Networks, a cybersecurity firm, have discovered a new malware which targets iOS users in China and Taiwan. YiSpecter downloads apps that are not visible to the users and exposes them to unwanted full-screen adverts and other annoyances.
The malware can spread through malicious code that has been embedded into web pages, underground app distribution sites, a PC worm etc.
"It spreads via unusual means, including the hijacking of traffic from nationwide ISPs, an SNS worm on Windows, and an offline app installation and community promotion," notes the research team in a blog post.
The malware code is able to infect iPads and iPhones which have been unlocked to bypass hardware and software limitations or jailbroken. For those who have not modified their device, you're also not safe as YiSpecter affects non-jailbroken devices too.
By deploying a third-party tool, users of infected devices will find "system apps" that are strange. Moreover, when one opens a regular app on an infected device, a full-screen advert will pop up.
Alarmingly, even though YiSpecter has been around for over 10 months, VirusTotal is the only security vendor which is able to detect the malware.
The researchers also divulge that in the event a user is able to detect the malware and deletes it, the process is of no use. Why? Because YiSpecter will re-appear automatically.
Earlier in September, several popular mobile apps in China were affected by XcodeGhost malware. However, unlike XcodeGhost which targeted the App Store and spread through it, the YiSpecter was not inserted in any apps from the store.
YiSpecter is able to come across as an application which enables users to view porn videos. The code in the malware is able to alter the settings on Safari and observe the genuine app usage by the individual and, thus, show adverts when the legit apps are in use.
Those affected by YiSpecter "were generally fooled, either because they thought they were installing something else or they clicked to accept an installation they shouldn't have," according to Palo Alto Networks' Ryan Olson.
It is not known how many users in China and Taiwan have been affected by YiSpecter. However, the research firm believes that a Chinese mobile advertisement platform is the culprit. Apple is reportedly investigating the matter after it was informed by Palo Alto Networks.