Tuesday, 6 October 2015

New iOS Malware Infected iPhones In China And Taiwan

Researchers have new iOS malware discovered both jailbroken and non-jailbroken iPhones can also infect and spread by the actions of internet providers. The malware is by Palo Alto Networks YiSpecter mentioned. According to the security company differs from other iOS malware, because it is the first malware that the private interfaces (APIs) used in iOS to add malicious functionalities.

The malware spreads in several ways, including a text messaging worm on Windows, hijacked Internet traffic, promotion on Chinese social media and offline app installation YiSpecter would be more than 10 months to run, but by far most anti-virus companies are not recognized . This is partly because the Chinese anti-virus company, the ones that it has found not want to share with other anti-virus companies, according to Palo Alto Networks.

YiSpecter consists of four different parts, each with an enterprise-signed certificate. In this way, they can also be installed on non-jailbroken devices. Through the use of the private APIs may install the components to each other from a command and control server. In case a user the malware is removed which reinstalled. On infected iPhones malware can install any iOS apps, replace existing apps, show ads, send information about your device and adjust the search engine in Safari bookmarks and open pages.


The malware would have been operating since October 2014 and poses as a video player for playing porn videos. One of the ways to spread is through the hijacking of Internet traffic. According to Palo Alto Networks have local Chinese Internet providers in past years the DNS and Internet traffic of their customers hijacked. For example, for the injection of advertisements. Last year, for example, the downloads were of Chinese Internet users changed.

Providers who saw that their customers an APK file to download tried were offered another APK file. For the dissemination of the YiSpecter-malware is also hijacked Internet traffic. When Internet users visit certain websites, they get a pop-up that asks if they want to install the video player to watch "special videos". In reality, the malware is offered. Most victims of YiSpecter are located in China and Taiwan.

How many devices have been infected with the malware is unknown, but according to Palo Alto Networks infections are preventable very simple. Users must follow the basic rules: namely, no download iOS apps from unreliable sources, no install unknown developers rely only apps from the official Apple App Store.

Samples of YiSpecter

57cc101ee4a9f306236d1d4fb5ccb3bb96fa76210142a5ec483a49321d2bd603 ADPage

4938b9861b7c55fbbe47d2ba04e9aff2da186e282f1e9ff0a15bbb22a5f6e0e7 ADPage.ipa

fc55c5ced1027b48885780c87980a286181d3639dfc97d03ebe04ec012a1b677 DaPian

5259854994945a165996d994e6484c1afc1c7e628cb5df2dc3750f4f9f92202e DaPian.ipa

7714dbb85c5ebcd85cd1d93299479cff2cc82ad0ed11803c24c44106530d2e2f HYQvod

ddd16577b458a5ec21ea0f57084033435a46f61dc5482f224c1fe54f47d295bc HYQvod.ipa

8fa135fc74583e05be208752e8ce191060b1617447815a007efac78662b425d0 HYQvod_3.3.3

526e1dc893629c00c017fbe62b53392cb26bc6b15947e7b8b7df10a62f40cbad HYQvod_3.3.3.ipa

41176825ba0627f61981280b27689a0c5cc6bfb310a408fa623515e6239b8647 NoIcon

98e9e65d6e674620eccaf3d024af1e7b736cc889e94a698685623d146d4fb15f NoIcon.ipa

e7f071929a4304447cf638057d9499df9970b2a3d53d328a609f191a4bc29ffd NoIconUpdate

8873908061f9c8d563de26fe6fa671080a90a2d60f795cc0664ef686e1162955 NoIconUpdate.ipa

Samples of Worm.Win32.Lingdun

2771276596981c0ff189c27e6869b147c3c3665fd8b94b14d68695ea6ea3d09d inst.exe

8d113243da8992220e73a2fd02ae28d209b326b191aeef95f3c8e223c1c6db96 leba99_setup_220041398.exe

9e538a58aed94a7748df9262ae0343dea9efce8d9117e0868eb404e1098747b6 u.exe

1607cf9625d7bf4ef39f8c1383fa0b1b1edcd13939d5d49fba5cdc14a73a2d95 ziyt.scr

6bd56dd4cc6a97912531fcb8d9f79f814fd45c9e97600f170646308868b1097b 亲情视频秀.exe

a8456f50c47b5248a93bcaebd05cb07bbf61527d5c7537767df1aaabb64bad95 天使嫩女视频全集.msi

No comments:

Post a Comment