shutterstock_218424391

The iPhone may be a crowd pleaser in China, but it’s fast running into trouble with the country’s love of black market apps. A third major iOS malware threat has been reported in just six weeks.

Cybersecurity firm Palo Alto Networks identified the latest malware called ‘YiSpecter’, which has the ability to remove and download apps, add full screen advertisements to apps, retrieve user data and change browser settings and bookmarks.

According to Palo Alto Networks the virus has primarily affected Chinese and Taiwanese users who have used a modified version of the QVOD media player, a well known service in China for streaming pirated videos and porn. The virus attacks and abuses private APIs, allowing it to implement control over various functionalities within the iOS system.

Kuaibo, the company that developed QVOD, was investigated by police in April 2014 and subsequently shut down. The attackers who released YiSpecter claimed their app, dubbed QVOD “private” or “version 5.0” was a genuine alternative of the retired QVOD. Mirror applications are common in China’s app stores, mostly hacks of paid apps and restricted apps.

Surprisingly, the malware apparently affects both jailbroken and non-jailbroken phones. While attacks both globally and in China have tended to favor jailbroken devices, there has been an increasing number malignant wares that have been indiscriminate.

The virus has been operational since at least November 2014, but has only just been picked up. It’s the latest in a string of malware targeted at iOS users, particularly in China. The country has a well developed culture of piracy and black market app stores due in part to their geopolitical isolation from other consumer markets.

While a majority of China’s smartphone users run Android, the app store market is fragmented and prone to attacks. Despite having an operational iOS store, users continue to source restricted and free-version apps elsewhere.

Two weeks ago up to 40 apps including Didi Kuaidi, WeChat and Net Ease Music revealed they had been targeted by a wide-scale malware threat called XcodeGhost, which also originated in China. The breach was made when developers used unauthorized versions of the iOS developer toolkit’s Xcode, forcing Apple to remove affected apps from their store.

At the beginning of September, malware dubbed “KeyRaider” stole over 225,000 iOS account login credentials in a wide-scale breach that mostly targeted Chinese users. At the time some users reported that their devices had been effectively held for ransom by malignant agents.

Image Credit: Lewis Tse Pui Lung / Shutterstock.com