+ private api exploitation (Mobile)

EMA ID: ema-1020
Description: On iOS, malware can abuse private APIs to implement malicious functionality.

Such malware can download, install and launch arbitrary iOS apps, replace existing apps with those it downloads, hijack other apps’ execution to display advertisements, change Safari’s default search engine, bookmarks and opened pages, and upload device information to a C2 server.

The malware uses tricks to hide its icons from iOS’s SpringBoard, which prevents the user from finding and deleting it. The components also use the same names and logos as system apps to trick iOS power users.

Associated Capabilities/Subcapabilities: Persistence

Notes: YiSpecter (October 2015)

http://researchcenter.paloaltonetworks.com/2015/10/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/

https://www.theiphonewiki.com/wiki/Malware_for_iOS#YiSpecter_.28October_2015.29
