Capabilities of YiSpecter Malware
- Install unwanted apps
- Replace legitimate apps with ones it has downloaded
- Force apps to display unwanted, full-screen ads
- Change bookmarks as well as default search engines in Safari
- Send user information back to its server
- Automatically reappear even after a user manually deletes it from the iOS device
"Whether an iPhone is jailbroken or not, the malware can be successfully downloaded and installed," the researchers wrote in a blog post on Monday. "Even if you manually delete [YiSpecter], it will automatically re-appear."
Vectors of YiSpecter malware
- Hijacked Internet traffic from ISPs
- A Windows worm that first attacked Tencent's instant messaging service QQ
- Online communities where people install third-party applications in exchange for promotion fees from app developers
How to Remove YiSpecter from Your iOS Devices?
- Go to Settings > General > Profiles and remove all unknown or untrusted profiles.
- Delete any installed apps with names 情涩播放器, 快播私密版 or 快播0.
- You can use any third-party iOS management tool such as iFunBox on Windows or Mac OS X to connect with your iPhone or iPad.
- Then check for installed iOS apps like Phone, Weather, Game Center, Passbook, Notes, or Cydia and delete them. (Note: this will not affect the original system apps; it only deletes the fake malware apps.)
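
One way to run the name checks from the steps above over an exported app list, as an added example that is not from the original article. It assumes a hypothetical CSV export of user-installed apps with `bundle_id` and `display_name` columns; the sample rows and bundle IDs are constructed.

```python
import csv
import io
import unicodedata

# Names taken from the removal steps above.
KNOWN_MALICIOUS_NAMES = {"情涩播放器", "快播私密版", "快播0"}
IMPERSONATED_SYSTEM_NAMES = {"Phone", "Weather", "Game Center", "Passbook", "Notes", "Cydia"}

def normalize(name):
    """Fold case, Unicode compatibility forms and whitespace so padded or
    full-width variants of a name still match."""
    folded = unicodedata.normalize("NFKC", name).casefold()
    return " ".join(folded.split())

_KNOWN = {normalize(n) for n in KNOWN_MALICIOUS_NAMES}
_SYSTEM = {normalize(n) for n in IMPERSONATED_SYSTEM_NAMES}

def flag_suspicious(inventory_csv):
    """Return (bundle_id, display_name, reason) for each user-installed app to review."""
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        key = normalize(row["display_name"])
        if key in _KNOWN:
            reason = "name listed in removal steps"
        elif key in _SYSTEM:
            # Assumption: the export lists only user-installed apps, so a
            # built-in app's name should never appear in it.
            reason = "system app name in user-installed list"
        else:
            continue
        findings.append((row["bundle_id"], row["display_name"], reason))
    return findings

# Constructed sample inventory; bundle IDs are placeholders, not real indicators.
SAMPLE_INVENTORY = """bundle_id,display_name
com.example.notes-editor,Markdown Notes
com.example.placeholder1,快播私密版
com.example.placeholder2,Weather
com.example.placeholder3, game  center
com.example.placeholder4,Ｐａｓｓｂｏｏｋ
com.example.maps,City Maps
"""

if __name__ == "__main__":
    for bundle_id, name, reason in flag_suspicious(SAMPLE_INVENTORY):
        print(f"{bundle_id}\t{name}\t{reason}")
```

Matching is on the normalized display name only, so an app that merely contains a listed word (such as "Markdown Notes") is not flagged.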