YISPECTER malware is the first to attack non-jailbroken Apple iOS devices by abusing private apis. So far, the malware primarily affects iOS users in mainland China and Taiwan. It spreads via unusual means, including the hijacking of traffic from nationwide ISPs, an SNS worm on Windows, and an offline app installation and community promotion. Mark James, security specialist at IT Security Firm ESET have the following comments on it.
[su_note note_color=”#ffffcc” text_color=”#00000″]Mark James, Security Expert at IT Security Provider ESET :
How serious is it?
“Any malware on mobile platforms is bad, the end user often falls into a “security bubble” when using mobile devices and fails to see the dangers from its misuse. Also people often forget or ignore the usual concerns, which they would pay attention to when using a desktop, thinking they don’t apply to mobiles. This particular strain of iOS malware can affect almost any iPhone, including non-jailbroken devices. The delivery method is often used for delivering business apps not available on the app store that your business may need or use. The big safety bubble around iOS and iPhones may be starting to break down but you can still take measures to protect yourselves by only downloading apps from the official store and checking with your IT team if you need to download any apps from any other sources.
This malware can download other malicious apps, these apps could replace your existing apps which you use on a daily basis and allow them to virtually do what they like without your knowledge. It could also display adverts, change safaris default search engines or even text premium rate numbers. It’s worse in the fact it combines more techniques for infecting your iPhone, thus enabling a much wider range of targets. The use of private APIs enables the malware to gain control of already installed apps and users who previously thought they were safe.”
Tips:
“Make sure you always check your sources for getting apps and never download them from any untrusted sites or areas. Stick to your official app store and if you need to download an app as part of your business process then make sure you check with your IT department to ensure its coming from the right places. Check your installed profiles in Settings >General > Profiles to ensure you recognise and understand what they do, if you don’t then seek guidance from you IT administrator ASAP.”[/su_note][su_box title=”About ESET” style=”noise” box_color=”#336588″]
Since 1987, ESET® has been developing award-winning
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.