YiSpecter & Internet Traffic Hijacking


The latest on the YiSpecter malware – a malicious code capable of infecting non-jailbroken iOS devices – presents an interesting dilemma. Not only does it conclusively dispel the notion that a device’s official factory configuration insulates it from software abuses, but it also raises a whole new specter of concern resulting from the methods by which such malware makes its way to our phones.

Say hello to Internet traffic hijacking.

One of the methods through which YiSpecter infiltrates user devices (according to the analysis done by Unit 42 of Palo Alto Networks) is via Internet traffic hijacking attacks.

With this approach, when a user searches for an app and is met with a link to a legitimate store, the traffic is hijacked and directed to an alternative path featuring a tampered version of the app. Without realizing, many users then proceed with installation of the tampered app.

DNS hijacking and Internet traffic hijacking attacks are just two of the methods through which compromised apps proliferate. These apps may pass the eyeball test but, behind the scenes, operate as spyware, a key-logger or any other permutation of malicious software.

Risks To Your App

Defacing & Phishing

Once hijacked, the attacker can make various changes to the flow or UI of the app, some of which include defacing of HTML content and phishing attacks. These vandalisms either route the user to the wrong host, or present content the developer didn’t intend to present.

App Tampering

In conducting vulnerability assessments, it’s plain to see that many applications are not properly implementing anti-tampering mechanisms. When apps neglect to build in fortifications against tampering, it becomes much easier for a malicious third-party to modify app behavior, inject code, or add certain silent behaviors which expose data or business logic.

The most sophisticated of these attacks manage to inflict their damage through complete silence. The app’s user may never notice the infection and may not even be the target of the attack. With banking or financial apps – for example – the hacker may be after some business logic that governs app protocol, in order to attack the backend/endpoint.

Risks To Your Users/Data

As an app owner, even it’s not your app that ‘s compromised, if a malware like YiSpecter ends up on your end user’s device, it can gain access to your application sandbox and – through it – your user’s data.

Last week, in her article on ComputerWeekly.com, Beverley Head outlined the situation of the Australian health sector, which is facing attacks targeting healthcare records, each of which is sold on the black market for A$1000.

Say spyware ends up on a device with a Point of Care app, if the data at rest includes unencrypted medical records, it makes for a very problematic situation.

Are You Equipped To Deal With All These Threats?

Many of the mobile app developers are focused on app usability and functionality. Defacing, phishing, encryption and similar terms are gibberish to them, and they expect the OS to do a good enough job of protecting them and their users.

With the recent rise in mobile attacks, it’s clear that mobile applications dealing with financial information, medical records, or even just PII information can no longer ignore the risks. Still, this doesn’t mean that your developers need to become security experts.

One of the most promising technological solutions for app protection is Fusion. Fusion allows developers to focus on developing functional apps and takes the weighty issue of security off their plate, by applying a post-dev security layer.

Have a Security Project?

We Can Help!

AviMaking your security project a success!
By filling out this form, you opt-in to recieve emails from us.

Quick Links for This Blog

Want to learn more?

Build What You Love Automate What You Don’t

Drop us a line and keep in touch