Home > Mobile > New iOS malware in China hijacks apps and forces…

New iOS malware in China hijacks apps and forces full-page ads in Safari

ios malware yi specter china news apple iphone  s x
Jessica Lee Star/Digital Trends

Malware on iOS is starting to become a weekly news event. This week’s intrusive software comes in the form of YiSpecter, a program capable of taking over iOS and displaying full-page ads on Safari.

The new malware, which is making the rounds in China and Taiwan, offers ways to circumvent the government’s Internet censorship. It persuades users to download a private version of QVOD, a defunct media player used for sharing pornography and other illegal content in China. QVOD was shut down in 2014 after police raided the developer’s offices, but it is still incredibly popular in China’s underground Web as a portal to illegal content.

Related: Apple’s latest acquisition could make Siri sound more natural

Once the app is downloaded, YiSpecter tricks iOS SpringBoard — the software that manages the on-screen icons on iOS — to stop users from uninstalling the app. It then blends into the background, hiding under one of the many system apps on iOS.

YiSpecter is able to “replace existing apps with those it downloads, hijack other apps’ execution to display advertisements, change Safari’s default search engine, bookmarks and opened pages, and upload device information,” according to Palo Alto Networks. A Chinese mobile advertising service was allegedly responsible for the malicious app.

Related: John McAfee: US gov’t hack by China is an American nightmare — and the decline of an empire

Luckily, Apple acknowledged the problem quickly and removed the app.

“We advise customers to stay current and only download content from the App Store and trusted sources … This particular vulnerability was indeed fixed in iOS 9.0,” an Apple spokesperson said to CNET.

News of the YiSpecter attack follows last week’s Chinese malware panic, which was caused by several high-profile developers who used a faulty version of Xcode to build apps. Those apps have since been purged from the App Store and replaced with apps built on a legitimate version of Xcode.

The YiSpecter attack is another case that proves China’s wild west approach to app curation is not working. Without checks in third-party apps stores, it’s easy for malicious programs to bypass iOS security.