Chinese iPhone users targeted in latest App Store security breach
HONG KONG — Following a major attack on the iTunes App Store last month, security researchers have warned that iPhone and iPad users in China and Taiwan are still at risk from malicious software.
According to Palo Alto Networks’ Unit 42 research team, a new malware family, dubbed YiSpecter, can affect both jailbroken and non-jailbroken Apple devices, meaning that all iOS users are potentially vulnerable.
“Attackers are finding more and more ways to attack the iOS ecosystem nowadays because it is so lucrative,” said Claud Xiao, a senior security researcher with Unit 42.
YiSpecter targets Chinese-speaking users by, for example, encouraging them to download a “porn browser,” or through mobile internet advertisements that ask users to install an app to see extra content.
Once on a user’s device, the malware quickly downloads extra apps and hijacks existing ones, hiding them from the user’s home screen so the user cannot delete the malware, even if they know it’s there.
Apple has maintained a strong reputation for the security of its mobile operating system, especially when compared to Android. According to the most recent Symantec Internet Security Threat Report, almost 1 million Android apps, or 17% of the total, were infected by viruses.
That reputation has come under threat recently, however. In September, Apple had to remove 39 apps from the official store after they were found to be infected with malware through a modified version of Apple’s software development kit, Xcode.
Among the infected apps was WeChat, the super-popular Chinese mobile messaging app used by 600 million people.
Xiao said that Unit 42 has since detected more than 100 apps containing code not approved by Apple that had bypassed its strict review process.
Unit 42 has notified Apple of its findings, and users who are running the latest version of iOS should be safe, Xiao said. But he warned that the method of delivering the malware itself is still effective, and that there is no reason why the attackers could not update their code to target iOS 9 users.
“The world where only jailbroken iOS devices were threatened by malware is a thing of the past,” Unit 42 said in its report.
Apple did not respond to a request for comment.
By James Griffiths