New malware affects iOS devices, with or without Jailbreak

Experts from the Palo Alto Networks company reported that they have discovered a new user-centric malware for iOS. A distinctive feature of this malware is that it can easily affect jailbroken devices as well as original. The extent of contamination is still unknown, but most likely, the situation is bad. According to experts, the first time YiSpecter was seen in November 2014, but at that time it was spread among devices without jailbreak. Since then, malware was modified and improved.

YiSpecter was discovered for the first time when it was disguised into porn player application. Malware was disguised as private version of the popular in the East application called QVOD, developed by Schering Kuaibo for sharing of adult movies. In addition, YiSpecter’s arsenal include such methods of distribution as the interception of Internet Service Provider traffic, Trojan worm for Windows, which firstly attacked the messenger Tencent QQ, and even spread through online communities where users install the applications in exchange for promotional fees from the developers.


YiSpecter include four components, which are signed by enterprise certificates. That and the use of private API and MobileInstallation framework, allow malware to use a variety of tricks to hide its presence in the system. For example, YiSpecter can use the same name and logo as a legitimate system application, or hide its icons from the SpringBoard, so the user is not able to find it and remove.

“On the infected iOS device YiSpecter can download, install and run various applications, replace the existing applications with false, break other applications, in order to display full-screen advertisements, change user’s default search settings in Safari, make changed in the default home page and bookmars, as well as communicate with the C&C servers and send them all the information about the infected device.” – saying experts from Palo Alto Networks.

It is not so easy to remove YiSpecter. If user delete it as usually, the malware will easily restore itself in the system. Therefore, we recommend you to follow the following guide below:

  1. Go to the Settings à General àProfiles and remove all unknown and untrusted profiles.
  2. Remove any installed applications containing in the name情涩播放器, 快播私密版 or 快播0.
  3. Use third party tools for iOS management, for example iFunBox, to connect the iPhone or iPad.
  4. Check the iOS pre-installed applications, such as Phone, Weather, Game Center, Passbook, Notes and Cydia and remove them (it will not affect the real system applications, only a fake and malicious versions will be removed).

Apple Inc, already know about the problem and reported that it is under investigation.

Information added: 10/15/2015 12:54 AM;