Malware is abusing enterprise code signing to trick the user into installing a malicious app. The main infection point is through social engineering. The malware is abusing a signed enterprise certificate of Beijing Yingmob Interaction Technology Co., Ltd. to deploy the malware. Zimperium created a command line tool for OS X and Windows to remove any known instances of YiSpecter. It appears ISPs are helping to spread this malware; we could not verify this claim at this time.
Source: https://blog.zimperium.com/zyiremoval-free-tool-to-remove-yispecter/