Chinese iOS users under fire from TinyV trojan

Dec 16, 2015 10:22 GMT  ·  By

Palo Alto Networks has discovered a new iOS trojan that targets jailbroken devices and covertly installs unwanted applications on infected handsets.

The company identifies this new trojan under the name of TinyV, and researchers saw their first TinyV samples during the month of October 2015.

Right now, the company is reporting that only users living in China are currently affected by this threat and that the people behind TinyV have recently started a more aggressive campaign.

The trojan only targets jailbroken devices, and infection occurs via applications installed from unofficial app stores or third-party websites.

Palo Alto says it detected TinyV distributed via apps such as "Watermelon Player (西瓜播放器)," "Youku (优酷)," and "iQiYi (爱奇艺)," along with a few others. The Watermelon Player app is hosted on its official website, xigua[.]com, while Youku and iQiYi appear to be repackaged versions of the legitimate apps, redistributed via websites like iosqgg[.]com and piqu[.]com.

According to a technical write-up from Palo Alto's staff, the trojan is unique in its behavior, using a combination of code hooks, APIs, PLIST tricks, and malicious code retrieved via hidden downloads to gain boot persistence and then secretly install unwanted applications on the user's iOS device.

Palo Alto reports that TinyV is currently employed to push the XZ Helper (协奏助手) application on infected devices.

For the millionth time, we're going to recommend that iOS users don't install any kind of app from outside Apple's App Store. It would also be a good idea to refrain from jailbreaking iOS devices unless it is truly necessary.

[Images (3): the Watermelon Player app; the iosqgg[.]com and piqu[.]com websites distributing TinyV-infected apps]