First iOS Malware that Attacks Non-Jailbroken Devices

YISPECTER malware is the first to attack non-jailbroken Apple iOS devices by abusing private apis. So far, the malware primarily affects iOS users in mainland China and Taiwan. It spreads via unusual means, including the hijacking of traffic from nationwide ISPs, an SNS worm on Windows, and an offline app installation and community promotion. Mark James, security specialist at IT Security Firm ESET have the following comments on it.

[su_note note_color=”#ffffcc” text_color=”#00000″]Mark James, Security Expert at IT Security Provider ESET :

How serious is it?

“Any malware on mobile platforms is bad, the end user often falls into a “security bubble” when using mobile devices and fails to see the dangers from its misuse. Also people often forget or ignore the usual concerns, which they would pay attention to when using a desktop, thinking they don’t apply to mobiles. This particular strain of iOS malware can affect almost any iPhone, including non-jailbroken devices. The delivery method is often used for delivering business apps not available on the app store that your business may need or use. The big safety bubble around iOS and iPhones may be starting to break down but you can still take measures to protect yourselves by only downloading apps from the official store and checking with your IT team if you need to download any apps from any other sources.

This malware can download other malicious apps, these apps could replace your existing apps which you use on a daily basis and allow them to virtually do what they like without your knowledge. It could also display adverts, change safaris default search engines or even text premium rate numbers. It’s worse in the fact it combines more techniques for infecting your iPhone, thus enabling a much wider range of targets. The use of private APIs enables the malware to gain control of already installed apps and users who previously thought they were safe.”

Tips:

“Make sure you always check your sources for getting apps and never download them from any untrusted sites or areas. Stick to your official app store and if you need to download an app as part of your business process then make sure you check with your IT department to ensure its coming from the right places. Check your installed profiles in Settings >General > Profiles to ensure you recognise and understand what they do, if you don’t then seek guidance from you IT administrator ASAP.”[/su_note][su_box title=”About ESET” style=”noise” box_color=”#336588″]ESETSince 1987, ESET® has been developing award-winning security software that now helps over 100 million users to Enjoy Safer Technology. Its broad security product portfolio covers all popular platforms and provides businesses and consumers around the world with the perfect balance of performance and proactive protection. The company has a global sales network covering 180 countries, and regional offices in Bratislava, San Diego, Singapore and Buenos Aires.[/su_box]

Experts Comments

Stay Tuned! Our Information Security Experts Community is responding .....

Submit Your Expert Comments

What do you think of the topic? Do you agree with expert(s) or share your expert opinion below.
Be part of our growing Information Security Expert Community (1000+), please register here.

Write Your Expert Comments *
Your Registered Email *
Notification Email (If different from your registered email)
* By using this form you agree with the storage and handling of your data by this web site.