Like a tame episode of Mr. Robot, the malware dubbed YiSpector spread fear and loathing amongst Apple users in Taiwan and China earlier this week. YiSpector has the ability to worm through security built into iOS on iPhones and iPads.
Palo Alto Networks reported the malware, which apparently only affects users in China and Taiwan, last Sunday. One of the reported ways the malware is downloaded is via a “sexy” video app in pop-up advertisements.
YiSpector can download, install, replace and launch ads and apps on iPhones and iPads. Worst of all, it has the ability to upload user information to remote servers.
Apple weighed in on the issue on Monday, advising everyone to stay updated with their iOS software and only download apps from trusted sources.
“This issue only impacts users on older versions of iOS who have also downloaded malware from untrusted sources. We addressed this specific issue in iOS 8.4 and we have also blocked the identified apps that distribute this malware,” it said in a statement on The Loop.
In other words, people with newer iPhones running iOS 8.4 or iOS 9 are safe. Apple also advises users to download only from trusted sources like its App Store.
Concerned users have been popping up on various forums in China and on Weibo to weigh in on how something like this could happen and to give their two cents on Apple’s security system.
The comments ranged from lighthearted to concerned. One thread opened with:
“[Android] users, there’s no need to worry, worry, worry.” To which user limo317 replied: “Hackers are not interested in the 1 percent.”
Salibra gives e27 the lowdown:
Here are the edited excerpts:
Simply, how does malware like YiSpector work?
Apple has two developer programs for people or companies making apps. The “normal” one, which people who put apps in the App Store use, and an “enterprise” developer program.
The enterprise developer program lets you make an app you can run on any iPhone by just emailing it or downloading it from the Internet.
It is intended for big companies that make an app for their own employees, so that their employees can install it on their iPhones without having to put the app in the App Store. (Which they wouldn’t want to do because sometimes big companies make apps that they don’t want competitors or the public to know about.)
[In this situation], it appears some bad guys joined the program and created a bad app. They then signed it with their enterprise developer account credentials, which means they could put it up on a website and it would get installed if they could trick people into clicking on a link.
Is this something that is particularly more prominent in China, as people have the tendency to go around loopholes and download stuff randomly? (I’m guilty as charged!)
You’re right on as to why it would spread in China. There’s an embedded culture and acceptance of having to do things outside of official channels to get things done. And this has spilled over to technology.
Apple has since issued a statement where they said the identified app was blocked. Should people still be worried? Can this spread elsewhere?
As long as people make sure to not jailbreak their phones and only install apps from Apple’s App Store they shouldn’t be worried.
I suspect Apple will increase scrutiny of companies that apply for the enterprise developer program, so I don’t think we’ll see this particular type of malware again in the near future.
This type of malware could happen anywhere though. It’s simply a matter of understanding how users behave and tricking them into installing something they shouldn’t.