The malware is notable for spreading via unusual channels, including the hijacking of traffic from nationwide ISPs, an SNS worm on Windows, offline app installation, and community promotion. Many victims have discussed YiSpecter infections of both jailbroken and non-jailbroken iPhones in online forums and have reported the activity to Apple.
The malware has been infecting Apple devices since November 2014, yet at the time of this writing only one of the 57 security vendors on VirusTotal detects it. More than 100 apps in Apple's App Store are infected with YiSpecter. This is the first time any malware has bypassed Apple's notorious code review.
Some major attributes of YiSpecter are:
- The malware can be downloaded and installed on a device regardless of whether it is jailbroken or not.
- Once downloaded or installed, the malware cannot be removed from the device; even if you delete it manually, it reappears.
- Using third-party tools, you can find strange additional "system apps" on infected phones.
- Once YiSpecter is installed on a device, normal apps start to show full-screen advertisements when the user tries to open them.
A similar piece of malware, XcodeGhost, exists; these two are the only malware families that have severely affected non-jailbroken Apple devices. Palo Alto researchers believe, however, that there is no connection between the developers of the two. YiSpecter is the first real-world iOS malware that combines these two attack techniques and causes harm to a wider range of users, pushing the barrier of iOS security back another step.
So far Apple has released no statement regarding this news, which Palo Alto researchers broke today.