YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs

posted on: October 4, 2015 6:00 PM

filed in: Malware, Threat Prevention, Unit 42


We recently identified a new Apple iOS malware and named it YiSpecter. YiSpecter is different from previously seen iOS malware in that it attacks both jailbroken and non-jailbroken iOS devices through unique and harmful malicious behaviors. Specifically, it’s the first malware we’ve seen in the wild that abuses private APIs in the iOS system to implement malicious functionalities.

More Details on the XcodeGhost Malware and Affected iOS Apps

posted on: September 21, 2015 2:30 PM

filed in: Malware, Threat Prevention, Unit 42

A few days ago, we investigated a new malware called XcodeGhost that modifies Xcode, infects iOS apps and is seen in the App Store. We also found that more than 39 iOS apps were infected, including versions of some pretty popular apps like WeChat or Didi, potentially affecting hundreds of millions of iOS users. We also analyzed XcodeGhost’s remote control functionalities, which attackers can use to phish or to perform further attacks. In this post we will discuss a few more details we have since learned about XcodeGhost and its behavior.

Actions to Stop the Attack

Since our post on September 18, Palo Alto Networks has cooperated with Apple, Amazon and Baidu to share samples, threat intelligence and research. All of them have taken actions to stop the attack or to mitigate the security threat.

Malware XcodeGhost Infects 39 iOS Apps, Including WeChat, Affecting Hundreds of Millions of Users

posted on: September 18, 2015 11:05 AM

filed in: Malware, Threat Prevention, Unit 42

Yesterday we posted an analysis report on a novel malware, XcodeGhost, that modifies the Xcode IDE to infect Apple iOS apps. In the report, we mentioned that at least two popular iOS apps were infected. We now believe many more popular iOS apps have been infected, including WeChat, one of the most popular IM applications in the world.
