Skip to content

S0311 YiSpecter

YiSpecter iOS malware that affects both jailbroken and non-jailbroken iOS devices. It is also unique because it abuses private APIs in the iOS system to implement functionality. 1

Item Value
ID S0311
Associated Names
Version 1.1
Created 25 October 2017
Last Modified 11 December 2018
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
mobile T1476 Deliver Malicious App via Other Means YiSpecter‘s malicious apps were signed with iOS enterprise certificates issued by Apple to allow the apps to be installed as enterprise apps on non-jailbroken iOS devices.1


Back to top