iOS Malware, YiSpecter, Affecting Versions Older Than iOS 9

Noting that the problem was unlikely to offset the majority of end users, Apple announced on Monday the presence of the ‘YiSpecter’ malware, which is said to primarily affect iOS devices running older versions of the operating system. Despite the newly discovered bug’s ability to attack both Jailbroken and stock iPhone models, however, Apple is downplaying the seriousness of the virus, and has repeatedly suggested that it’s not a major issue.

Speaking to The Loop this week, a representative from Apple stated that,

This issue only impacts users on older versions of iOS who have also downloaded malware from untrusted sources. We addressed this specific issue in iOS 8.4 and we have also blocked the identified apps that distribute this malware. We encourage customers to stay current with the latest version of iOS for the latest security updates. We also encourage them to only download from trusted sources like the App Store and pay attention to any warnings as they download apps.”

Researchers at the Palo Alto Networks firm described YiSpecter as the “first malware in the wild” to exploit private APIs in iOS. It has primarily impacted people living in China and Taiwan, and has supposedly averted detection over the last 10-months or so of being active. China is known for being home to a vast market for pirated applications, thus upping the chances of exposing devices to the malware.

An example of a popup that could install the malware

Once the YiSpecter virus is onboard the affected device, the code can download, install, and launch applications, or, in extreme cases, even replace existing software, altogether. It can also open pages in and change Safari settings, as well as upload device information to a remote server. In addition, YiSpecter can flash fullscreen advertisements when launching a normal, otherwise ad-free application. Try to delete the malware manually, and it’s likely to reappear at a later time.

Apple is said to be currently working on a patch for the YiSpecter malware, however they are recommending that all users running versions of iOS prior to 9.0 upgrade their firmware as soon as possible to increase their chances of averting the threat.

Apple’s announcement comes hot off the heels of the Cupertino tech giant having recently addressed a different malware threat, referred to as “XcodeGhost,” which is an infection that permeated the Apple app Store through slightly modified versions of its Xcode development tool.

Apple is known for being very stringent on matters pertaining to security, at least, in comparison to its competitors like Google. Between the month’s of June, 2009, and April, 2014, Apple devices have faced the threat of only 11 different malware bugs, eight of which only affected Jailbroken devices, and nine of which affected only markets wherein there exists a higher volume of pirating and boot loading of applications and content — such as China, Russia and several provinces in Europe.