While most users download Viber directly from the Apple App Store for automatic installation, there are manual ways to install the .ipa file, often used for testing or sideloading:
Using tools like AltStore, SideStore, or TrollStore (depending on iOS version), users sideload viber.ipa to install Viber without the App Store — perhaps on an older device, or to keep an older version that still works with jailbreak tweaks.
Chen spent the next 48 hours without sleep. He extracted a second layer—an ARM64 binary hidden in the app’s encryption module. It wasn’t Viber’s code. It was a custom hypervisor, a tiny virtual machine that could run inside iOS’s sandbox. It didn’t call home. It didn’t leak data. Instead, it listened.
If a malicious or modified viber.ipa is found on a device, the following artifacts are relevant: