{"id":140900,"date":"2015-10-06T08:25:31","date_gmt":"2015-10-06T06:25:31","guid":{"rendered":"http:\/\/mybroadband.co.za\/news\/?p=140900"},"modified":"2015-10-06T08:29:52","modified_gmt":"2015-10-06T06:29:52","slug":"new-malware-attacks-all-iphones-and-ipads","status":"publish","type":"post","link":"https:\/\/mybroadband.co.za\/news\/security\/140900-new-malware-attacks-all-iphones-and-ipads.html","title":{"rendered":"New malware attacks all iPhones and iPads"},"content":{"rendered":"<p><a href=\"http:\/\/researchcenter.paloaltonetworks.com\/2015\/10\/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis\/\" target=\"_blank\"><strong>Palo Alto Networks<\/strong><\/a>\u00a0recently identified a new Apple iOS malware called\u00a0YiSpecter.<\/p>\n<p>YiSpecter attacks both jailbroken and non-jailbroken iOS devices through unique and harmful malicious behaviours.<\/p>\n<p>\u201cSpecifically, it\u2019s the first malware we\u2019ve seen in the wild that abuses private APIs in the iOS system to implement malicious functionalities,\u201d said Palo Alto Networks.<\/p>\n<p>The malware primarily affected iOS users in China and Taiwan. It spreads via unusual means, including the hijacking of traffic from nationwide ISPs, an SNS worm on Windows, and an offline app installation and community promotion.<\/p>\n<p>YiSpecter consists of four components that are signed with enterprise certificates.<\/p>\n<p>By abusing private APIs, these components download and install each other from a command and control (C2) server.<\/p>\n<p>Three of the malicious components use tricks to hide their icons from iOS\u2019s SpringBoard, which prevents the user from finding and deleting them.<\/p>\n<p>The components also use the same name and logos of system apps to trick iOS power users.<\/p>\n<p>On infected iOS devices, YiSpecter can do the following:<\/p>\n<ul>\n<li>Download, install, and launch arbitrary iOS apps<\/li>\n<li>Replace existing apps with those it downloads<\/li>\n<li>Hijack other apps\u2019 execution to display advertisements<\/li>\n<li>Change Safari\u2019s default search engine, bookmarks, and opened pages<\/li>\n<li>Upload device information to the C2 server<\/li>\n<\/ul>\n<p>Even if you manually delete the malware, it will automatically re-appear, stated the report.<\/p>\n<h3 class=\"my-4\">More on security<\/h3>\n<p><a href=\"http:\/\/mybroadband.co.za\/news\/security\/140678-patreon-hack-exposes-private-user-data.html\"><strong>Patreon hack exposes private user data<\/strong><\/a><\/p>\n<p><a href=\"http:\/\/mybroadband.co.za\/news\/security\/140654-new-android-stagefright-vulnerability-uncovered.html\"><strong>New Android Stagefright vulnerability uncovered<\/strong><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Palo Alto Networks has warned of a malware called YiSpecter attacking both jailbroken and non-jailbroken Apple iOS devices.<\/p>\n","protected":false},"author":23,"featured_media":138300,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[27],"tags":[36,605,691,39,1125,33248],"class_list":["post-140900","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security","tag-active","tag-apple","tag-ios","tag-ipad","tag-iphone","tag-yispecter"],"_links":{"self":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/140900"}],"collection":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/users\/23"}],"replies":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/comments?post=140900"}],"version-history":[{"count":1,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/140900\/revisions"}],"predecessor-version":[{"id":140904,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/posts\/140900\/revisions\/140904"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media\/138300"}],"wp:attachment":[{"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/media?parent=140900"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/categories?post=140900"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mybroadband.co.za\/news\/wp-json\/wp\/v2\/tags?post=140900"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}