Mobile VirusiOS/Restiy.A!tr
Analysis
iOS/Restiy.A!tr is a detection for a malicious iOS phone app. It has been found distributed in apps named "HYQvod" and "Dapian".
Below are examples of its behaviors:
- Download and installation of other malicious apps "NoIcon", "ADPage" and "NoIconUpdate"
- Can upload device information and display advertisements
- Can change safari browser configuration
- Can replace existing apps on victim's phone with fake and compromised versions of those app
Recommended Action
- FortiGate Systems
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
FortiClient Systems
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability
| FortiGate | |
|---|---|
| Extreme | |
| FortiClient | |
| Extended | |
| FortiMail | |
| Extended | |
| FortiSandbox | |
| Extended | |
| FortiWeb | |
| Extended | |
| Web Application Firewall | |
| Extended | |
| FortiIsolator | |
| Extended | |
| FortiDeceptor | |
| Extended | |
| FortiEDR |