Now, we're given news of more malware, but fortunately for those outside of Asia, it looks like there's no reason for concern. However, this malware is able to affect non-jailbroken devices, so it is still a topic that needs to be watched very closely.
Palo Alto Networks dubs this new malware YiSpecter, and as mentioned, it can affect stock devices and jailbroken ones alike. Interestingly, it's the first malware the company has noted that abuses private APIs in iOS in order to get its job done. So far, the firm says that only users in China and Taiwan have been affected.
One of YiSpecter's attack vectors is through traffic hijacking
Another reason for concern is the fact that this malware can be installed with the help of traffic hijacking, an SNS worm on Windows, offline app installation, and community promotion. The firm notes that as of today, VirusTotal, a Web service that scans uploaded files with dozens of antivirus engines, returns only one detection (out of 47).
Because YiSpecter can take advantage of system APIs, it can pull off a number of different tasks, including replacing installed apps with infected ones, installing unique apps that it can hide from view, changing Safari's default search engine, showing advertisements, and so forth. Generally speaking, this would be a serious nuisance, and it's one that took about ten full months to discover.
Part of this malware, NoIcon, used an enterprise certificate
Palo Alto Networks notes that there are 100 apps in the official App Store that abuse private APIs in much the same way as this malware, and despite Apple's strict code review, they've still managed to get through.
It's not mentioned whether or not Apple is on the case of squashing whatever bug allows these exploits to happen, but the company typically wastes no time on these things. Given what this malware can do, we'd have to imagine this time will be no different. If you want to read about YiSpecter in serious depth, be sure to hit up the link below (you might need two cups of coffee to finish).