iOS/Restiy.A!tr
Analysis
iOS/Restiy.A!tr is a detection for a malicious iOS phone app. It has been found distributed in apps named "HYQvod" and "Dapian".
Below are examples of its behaviors:
- Download and installation of other malicious apps "NoIcon", "ADPage" and "NoIconUpdate"
- Can upload device information and display advertisements
- Can change safari browser configuration
- Can replace existing apps on victim's phone with fake and compromised versions of those app
Recommended Action
- FortiGate Systems
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
FortiClient Systems
- Quarantine/delete files that are detected and replace infected files with clean backup copies.
Telemetry
Detection Availability
FortiGate | |
---|---|
Extreme | |
FortiClient | |
Extended | |
FortiMail | |
Extended | |
FortiSandbox | |
Extended | |
FortiWeb | |
Extended | |
Web Application Firewall | |
Extended | |
FortiIsolator | |
Extended | |
FortiDeceptor | |
Extended | |
FortiEDR |