http://www.theregister.co.uk/2015/10/05 ... one_apple/
On infected iOS devices, YiSpecter can download, install and launch arbitrary iOS apps, replace existing apps with those it downloads, hijack other apps’ execution to display advertisements, change Safari’s default search engine, bookmarks and opened pages, and upload device information to the C2 [command and control] server.
Whether an iPhone is jailbroken or not, the malware can be successfully downloaded and installed. Experience from victims suggests that even if you manually delete the malware, it will automatically re-appear. Manually removing YiSpecter is tricky but possible, according to Palo Alto, which has published some instructions.
iOS had remained (almost) malware-free for years. However YiSpecter is the latest of a relatively small but growing collection of malware families to target iOS devices. WireLurker previously demonstrated the ability to infected non-jailbroken iOS devices by abusing enterprise certificates. Academic researchers have discussed how private APIs can be used to implement sensitive functionalities in iOS. YiSpecter is the first real world iOS malware that combines these two attack techniques, according to Palo Alto.
Palo Alto Networks has released IPS (intrusion prevention system) and DNS signatures to block YiSpecter’s malicious traffic. Apple has also been notified about the outbreak.