iPhones at Risk From China Advertising Malware, Researcher Says

  • Non-jailbroken devices also at risk of malware infection
  • Apps can be secretly installed with icon hidden from view


Malicious software appearing to come from an advertising company in China is capable of infecting Apple Inc.’s mobile devices, according to researchers at Palo Alto Networks Inc.

YiSpecter malware mostly affects Apple mobile users in China and Taiwan by downloading applications that remain hidden from view, the researchers wrote. The code can infect iPhones and iPads that have been “jailbroken,” or unlocked to skirt software and hardware restrictions, and those that haven’t been modified.

YiSpecter is at least the second malware unveiled in the past month to target applications for Apple devices after XcodeGhost was found to secretly collect information and report data back to a central server. By infecting phones that aren’t jailbroken, attackers are able to bypass Apple security measures intended to limit the spread of malicious code.

“Whether an iPhone is jailbroken or not, the malware can be successfully downloaded and installed,” the researchers wrote. “Even if you manually delete the malware, it will automatically re-appear.”

The code can be downloaded through corporate application installations and when Internet traffic is intercepted and replaced by network service providers, they said.

YiSpecter began spreading as early as November 2014 and may open up a full-screen advertisement on a device when a normal app is opened, according to Palo Alto Networks.

Carolyn Wu, a Beijing-based spokeswoman for Apple, wasn’t immediately able to comment on the report Monday, which is a public holiday in China.

XcodeGhost can be remotely controlled by attackers and used to install apps directly to a device without permission, read contents of its clipboard, and trick the user into providing their iCloud password, the researchers wrote last month.

While similar, YiSpecter was likely developed by a different organization and has the added ability to install applications while hiding the icon from the device’s screen to avoid detection, the Palo Alto Networks researchers wrote.
