+ private API exploitation (Mobile)
|Description:||On iOS, malware can call private (undocumented) system APIs to implement malicious functionality that the public SDK does not expose.
Malware using this technique can download, install and launch arbitrary iOS apps, replace installed apps with ones it downloads, hijack other apps' execution to display advertisements, change Safari's default search engine, bookmarks and open pages, and upload device information to a C2 server.
The malware hides its icons from iOS's SpringBoard so the user cannot find and delete it, and its components reuse the names and logos of system apps, which misleads even experienced iOS users.
|Associated Capabilities/Subcapabilities:|| Persistence
|Notes:||YiSpecter (October 2015)
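The behaviours this entry describes (calling private system APIs, hiding the icon from SpringBoard, and impersonating system apps) can be triaged statically from an app bundle's binary and Info.plist. The following Python script is an added example written for this page; it is not code from the catalog or from any analysis of YiSpecter. The private-API indicator strings, the list of system-app display names and the `SBAppTags` check are assumptions kept in editable tables, and the Mach-O blob and plists it scans are constructed sample inputs, not real samples.

```python
"""Static triage of an iOS app bundle for private-API references and for
impersonation or hiding of the app's icon. Added example; the indicator
strings and system-app names are assumptions, not an authoritative list."""
import plistlib
import re

# Strings that, when found in an app's Mach-O binary, suggest use of private
# frameworks or classes. ASSUMED illustrative indicators; maintain your own.
PRIVATE_API_INDICATORS = {
    "LSApplicationWorkspace": "install, launch or remove apps",
    "SpringBoardServices": "drive SpringBoard (launch apps, hide icons)",
    "MobileInstallation": "install apps outside the App Store",
}

# Display names of built-in apps an impostor component might reuse (partial, assumed).
SYSTEM_APP_NAMES = {"Phone", "Safari", "Settings", "Messages", "Photos", "App Store"}


def extract_strings(blob: bytes, min_len: int = 6) -> set[bytes]:
    """Printable ASCII runs of at least min_len bytes, like the `strings` tool."""
    return set(re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob))


def scan_binary(macho: bytes) -> list[str]:
    """Return the private-API indicators that appear in the binary's strings."""
    found = extract_strings(macho)
    return sorted(
        name for name in PRIVATE_API_INDICATORS
        if any(name.encode() in s for s in found)
    )


def check_info_plist(plist_bytes: bytes) -> list[str]:
    """Flag a bundle that borrows a system app's name or asks SpringBoard to hide it."""
    info = plistlib.loads(plist_bytes)
    findings = []
    display = info.get("CFBundleDisplayName") or info.get("CFBundleName", "")
    bundle_id = info.get("CFBundleIdentifier", "")
    if display in SYSTEM_APP_NAMES and not bundle_id.startswith("com.apple."):
        findings.append(f"impersonates system app '{display}' with bundle id {bundle_id}")
    # SBAppTags containing "hidden" is a private Info.plist key that keeps an
    # icon off the home screen (assumed indicator for this example).
    if "hidden" in info.get("SBAppTags", []):
        findings.append("requests hidden icon via SBAppTags")
    return findings


def triage(info_plist: bytes, macho: bytes) -> dict:
    """Combine both checks into one report for an app bundle."""
    return {"private_api": scan_binary(macho), "bundle": check_info_plist(info_plist)}


# Constructed sample input: a fake Mach-O blob (magic + padding + a few strings)
# and two Info.plists. None of this comes from a real sample.
SAMPLE_BINARY = (
    b"\xcf\xfa\xed\xfe" + b"\x00" * 12
    + b"_OBJC_CLASS_$_LSApplicationWorkspace\x00"
    + b"openApplicationWithBundleID:\x00"
    + b"/System/Library/PrivateFrameworks/SpringBoardServices.framework\x00"
    + b"CFBundleIdentifier\x00"
)
SUSPICIOUS_INFO_PLIST = plistlib.dumps({
    "CFBundleDisplayName": "Phone",
    "CFBundleIdentifier": "com.example.phone",
    "SBAppTags": ["hidden"],
})
BENIGN_INFO_PLIST = plistlib.dumps({
    "CFBundleDisplayName": "Notes Helper",
    "CFBundleIdentifier": "com.example.noteshelper",
})

if __name__ == "__main__":
    for label, plist in (("suspicious", SUSPICIOUS_INFO_PLIST), ("benign", BENIGN_INFO_PLIST)):
        print(label, triage(plist, SAMPLE_BINARY))
```

The scan only looks at literal strings, so a binary that builds class and selector names at runtime (for example by concatenating fragments before `NSClassFromString` or `dlsym`) will produce no hits; treat an empty result as "nothing found", not as "clean", and pair this with dynamic analysis of the installed app.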