1. Mobile

New iOS malware in China hijacks apps and forces full-page ads in Safari

By

the iphones switch control has opened up a world of possibility for quadriplegic todd stabelfeldt apple iphone 6s 7859 1500x1
Jessica Lee Star/Digital Trends
Malware on iOS is starting to become a weekly news event. This week’s intrusive software comes in the form of YiSpecter, a program capable of taking over iOS and displaying full-page ads on Safari.

The new malware, which is making the rounds in China and Taiwan, offers ways to circumvent the government’s Internet censorship. It persuades users to download a private version of QVOD, a defunct media player used for sharing pornography and other illegal content in China. QVOD was shut down in 2014 after police raided the developer’s offices, but it is still incredibly popular in China’s underground Web as a portal to illegal content.

Once the app is downloaded, YiSpecter tricks iOS SpringBoard — the software that manages the on-screen icons on iOS — to stop users from uninstalling the app. It then blends into the background, hiding under one of the many system apps on iOS.

YiSpecter is able to “replace existing apps with those it downloads, hijack other apps’ execution to display advertisements, change Safari’s default search engine, bookmarks and opened pages, and upload device information,” according to Palo Alto Networks. A Chinese mobile advertising service was allegedly responsible for the malicious app.

Luckily, Apple acknowledged the problem quickly and removed the app.

“We advise customers to stay current and only download content from the App Store and trusted sources … This particular vulnerability was indeed fixed in iOS 9.0,” an Apple spokesperson said to CNET.

News of the YiSpecter attack follows last week’s Chinese malware panic, which was caused by several high-profile developers who used a faulty version of Xcode to build apps. Those apps have since been purged from the App Store and replaced with apps built on a legitimate version of Xcode.

The YiSpecter attack is another case that proves China’s wild west approach to app curation is not working. Without checks in third-party apps stores, it’s easy for malicious programs to bypass iOS security.

Editors' Recommendations

How to play rain sounds in iOS 15 using the new Background Sounds feature

iOS 15 preview webpage on an iPhone 11.

How to download iOS 13 on your iPhone or iPod Touch

everything apple announced at wwdc 2019 ios 13

Apple iOS 15 features that aren’t available at launch

Multiple iPhone 13 screens showing iOS15.

How to hide apps on an iPhone

How to Hide Apps on an iPhone

With Tesla bleeding money, Elon Musk initiates hardcore spending review

Tesla Model Y front

Best cheap Sonos deals for September 2021

sonos move review 8

Best cheap Powerbeats Pro deals for September 2021

samsung galaxy buds jabra elite 65t powerbeats pro true wireless earbuds amazon deals feat 768x479 c

Best cheap Bose headphone deals for September 2021

Bose QuietComfort 35 Wireless Noise Cancelling Headphones II

First renders of a Note-like Galaxy S22 Ultra make their way online

The Samsung Galaxy S22 Ultra leaks online via renders.

These Sony noise-canceling headphones are 48% OFF today

The Sony WH-CH710N headphones.

Walmart is virtually giving away this Acer Nitro gaming laptop right now

The Acer Nitro 5 is currently $250 off at Walmart

The best 5G phone deals available right now

Samsung Galaxy S20 FE

How to buy a refurbished Mac or MacBook computer

Apple iMac with Retina 5K Display review lifestyle back