Gone are the days when iOS malware reports were a rare thing. Following a wave of malware attacks on the iPhone and iPad – including a massive App Store hack and an Apple ID theft operation – a new security report reveals there’s dangerous malware in the wild that can harm any iPhone, iPad or iPod touch regardless of whether they’re jailbroken or not.

DON’T MISS: Report claims Surface Pro 4 has a killer feature iPad users can only dream of

Called YiSpecter, the malware app was discovered by security company Palo Alto Networks, the same entity that first detailed the XcodeGhost hack.

YiSpecter can infiltrate any iOS device via a variety of means, posing as a genuine Apple-signed app once installed. Once on your iOS device, the app can then make itself invisible to the user by disguising itself as an actual iOS app, or hiding itself from the home screen – which means the user has no means of deleting it.

“On infected iOS devices, YiSpecter can download, install and launch arbitrary iOS apps, replace existing apps with those it downloads, hijack other apps’ execution to display advertisements, change Safari’s default search engine, bookmarks and opened pages, and upload device information to the C2 [command and control] server,” the researchers revealed.

Even if manually deleted, the malware will automatically re-appear.

There are many ways of installing YiSpecter on the phone, including hijacking traffic from nationwide ISPs, a worm on Windows, offline app installations, and community promotions. The app takes advantage of Apple’s enterprise certificates that are used to sign four app components to fool the operating system into believing it’s a genuine app.

Palo Alto Networks has devised a way of removing the malware app and additional apps that it may have installed, but you might require third-party programs that give you access to the phone’s file system – check it out below:

  • In iOS, go to Settings -> General -> Profiles to remove all unknown or untrusted profiles;
  • If there’s any installed apps named “情涩播放器”, “快播私密版” or “快播0”, delete them;
  • Use any third-party iOS management tool (e.g., iFunBox, though note that Apple’s iTunes doesn’t work in this step) on Windows or Mac OS X, to connect with your iPhone or iPad;
  • In the management tool, check all installed iOS apps; if there are some apps have names like Phone, Weather, Game Center, Passbook, Notes, or Cydia, delete them. (Note that this step won’t affect original system apps but just delete faked malware.)

UPDATE: Apple checks in to say that this issue has been fixed starting with iOS 8.4. Here is the company’s full statement:

 This issue only impacts users on older versions of iOS who have also downloaded malware from untrusted sources. We addressed this specific issue in iOS 8.4 and we have also blocked the identified apps that distribute this malware. We encourage customers to stay current with the latest version of iOS for the latest security updates. We also encourage them to only download from trusted sources like the App Store and pay attention to any warnings as they download apps.

Comments