“Zimperium has released a tool to help iOS users that have been infected with the recently spotted YiSpecter advertising malware remove the threat from their devices.
The tool is called zYiRemoval. It’s a command line tool that needs to be installed on a computer (an OS X and a Windows version are available, and will be updated regularly).
After connecting the infected iOS device to the computer, the tool needs to be executed from the terminal.
The tool then searches for the malicious apps associated with the threat: HYQvod, DaPian, NoIcon, ADPage, NoIconUpdate, and others.
Even though by now Apple must have also revoked the iOS enterprise certificates abused by the malware to bypass Apple’s Gatekeeper, the tool also searches for the profiles planted by the malware: Changzhou Wangyi Information Technology Co., Ltd., Baiwochuangxiang Technology Co., Ltd., and Beijing Yingmob Interaction Technology Co., Ltd.
Once all these things are found, the users are instructed to remove them.
“Do not install profiles from unknown developers. Be extra careful when typing your pin-code: iOS asks you to type your pincode before installing new profiles,” Zimperium researchers finally warned.
Before installing the app, it might be a good idea to update your OS to the latest version (currently v9.0.2).
In the initial blog post revealing the malware’s existence, Palo Alto Networks researchers also shared instructions on how the malicious apps and profiles can be removed manually.”