
AceDeceiver iPhone virus could ‘infect any device’ says Palo Alto Networks

The new iOS malware, dubbed “AceDeceiver”, was discovered by security firm Palo Alto Networks, which said it targets non-jailbroken iDevices via a flaw in Apple’s DRM mechanism.


Currently, the malware has only been spotted in China, but Palo Alto Networks warns that with small configuration tweaks (mostly location settings) it could affect US iPhone users as well. Using an attack technique called FairPlay Man-in-the-Middle (MITM), hackers can install malicious apps on iOS devices without a victim’s knowledge while at the same time bypassing Apple’s other security measures.

The scam exploits problems with Apple’s FairPlay digital rights management tech, which is meant to stop pirated apps landing on iPhones.

Apple allows users to purchase and download iOS apps from the App Store through the iTunes client running on their computer. When a user wants to install an app this way, iTunes on the user’s computer requests and receives an authorization code from Apple to install the app on one of the user’s devices. However, according to Xiao, this is the first time the MITM technique has been used to spread malware.

Since FairPlay will block these apps from being installed on the device, the crooks also needed authorization codes from Apple’s App Store for their malicious apps, infected with AceDeceiver.

An iOS device that hasn’t been jailbroken, and that hasn’t had its security restrictions removed, should only be able to run apps downloaded from the App Store or installed through the iTunes software from users’ PCs.

“What makes AceDeceiver different from previous iOS malware is that instead of abusing enterprise certificates as some iOS malware has over the past two years, AceDeceiver manages to install itself without any enterprise certificate at all”, Palo Alto says in a blog post.

Apple has been hit by another iOS malware attack, with Chinese users once again the target of a malicious bug aimed at compromising user security.

Palo Alto reported the issue to Apple in late February, but it’s not clear whether there’s a permanent solution in the works.


The malware has been found under the product name Aisi Helper, a Windows software program that claims to provide iOS-related services such as jailbreaking, re-installation, system back-up and device management. Researchers found a strain of malware called YiSpecter that targeted jailbroken as well as non-jailbroken devices in Taiwan and China.
