ID | X0024 |
---|---|
Aliases | None |
Platforms | iOS |
Year | 2015 |
Associated ATT&CK Software | YiSpecter |

YiSpecter is Apple iOS malware that can download, install and launch arbitrary iOS apps, replace existing apps with those it downloads, hijack other apps’ execution to display advertisements, change Safari’s default search engine, bookmarks and opened pages, and upload device information to a C2 server. It uses tricks to hide its icons from iOS’s SpringBoard, which prevents the user from finding and deleting it. Its components also use the same names and logos as system apps to trick iOS power users. [1]

Name | Use |
---|---|
Install Additional Program | Can download and install arbitrary iOS apps. [1] |
[1] http://researchcenter.paloaltonetworks.com/2015/10/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/