Apple's devices are certainly attracting more and more interest from hackers. After the discovery on February 4, by experts at IT security firm Trend Micro, of a first piece of spyware, named "XAgent", exploiting vulnerabilities on non-jailbroken Apple phones, it is now the turn of Unit 42, the research unit of IT security company Palo Alto Networks, which on Sunday, October 4 published an alert about new malware affecting retail iPhones.
Named "YiSpecter", it attacks both retail iPhones sold with Apple's official iOS operating system and jailbroken ones. Apple, which has acknowledged the existence of this malware, said on Monday, Oct. 5 that users of iOS 8.4 and iOS 9 were now protected. According to Palo Alto Networks, what sets this program apart is that it uses loopholes that were thought not to be exploited and spreads in new ways. It has been active for more than 10 months in Taiwan and in mainland China, where it is believed to originate.
An unprecedented way of operating and spreading
By hijacking some of the iOS operating system's own programming interfaces, this new form of malware bodes ill for the future of Apple's mobile devices, according to the security firm that discovered it: "This is the first malware that we have seen in the wild abusing private APIs [application programming interfaces] in the iOS system to implement malicious functionality."
Whether it spreads on its own, with "Lingdun", a Windows worm (which sends malicious links for downloading YiSpecter to all of the victim's contacts), or by hacking the Wi-Fi connections of Internet service providers' boxes, this new malware variant worries the California company. Its four components, all authenticated by certificates of real companies, from firms such as Verisign or Symantec, install themselves stealthily on iPhones, hiding their programs but also copying the names and logos of system icons (Game Center, Weather, Notes, PassBook, Phone, etc.), fooling even the most advanced users.
Once installed, YiSpecter can download, install and run, in emulation, applications from the App Store, and can also modify them, for example by displaying full-screen advertisements. It also makes it possible to collect users' data, particularly the data used in the Safari web browser. If it is discovered, removing it by the conventional method will not work, because it reinstalls itself automatically after a system reboot. Finally, there is little to hope for on the antivirus side, which still does not detect its presence on infected devices.
Malware of unclear origin
Some evidence identified by Palo Alto Networks points suspicion toward "YingMob", a Chinese mobile advertising company with a public storefront, which is said to have programmed and distributed the malware for advertising purposes, not hesitating to promote it in broad daylight. But the complexity of YiSpecter and its methods of propagation may conceal something more opaque.
Only last month, 344 official iOS applications in the App Store, Apple's application store, had been urgently removed because they were infected with the "XcodeGhost" malware, discovered on Wednesday, September 16 by the security teams of the Chinese group Alibaba. The origin of that malware is still uncertain, but the methods used are very similar to programming techniques employed by the CIA, according to documents published in March by The Intercept.
In early September, it was the "KeyRaider" malware, also discovered by Palo Alto Networks, that was in the news: according to the security firm, more than 225,000 Apple accounts and IDs were stolen, only on jailbroken iPhones and iPads.
The American security firm is also responsible for the fall of a myth: it was this firm that announced less than a year ago, in November 2014, the discovery, again in China, of "Wirelurker", the first iPhone malware affecting non-jailbroken phones. Since then, not a month has gone by without a new warning about Apple's mobile devices.