There is a new kind of malware that shows full screen ads appearing on Apple devices in China and Taiwan, CNet reports. This follows last month’s report that malware-laden apps had to be removed from the Apple App Store.
YiSpecter is the malware’s name, and messing with iOS apps is its game. According to a cybersecurity firm, YiSpecter has the ability to "install and launch arbitrary iOS apps, replace existing apps with those it downloads, hijack other apps' execution to display advertisements, change Safari's default search engine, bookmarks and opened pages, and upload device information.”
No one goes looking for malware, so the users who ended up with YiSpecter were reportedly tricked into it. They thought they were downloading a new or private version of a once-popular, now out of business, media player named QVOD.
The offices of QVOD’s developer, Kuaibo, were raided by police in 2014 probably because the media player was largely popular for its ability to let users share pornographic content (which is illegal in China.)
YiSpecter installs itself on infected devices by way of private application programming interfaces (APIs), and then tricks the iOS SpringBoard, the software that manages app icons on the home screen, to prevent users from deleting the app. It might be hard to spot because YiSpecter uses the same name and logos of system apps. And there’s no red flag when installing because you don't need to jailbreak the device first.
An Apple spokesperson told CNet that the issue was fixed in iOS 9.0 and encouraged Apple users to keep their device updated and only download content from the App Store.
Image credit: Shutterstock