Meet AceDeceiver, An iOS Malware That Can Infect Hundreds Of Millions Of Non-Jailbroken iPhones And iPads

Hackers have found a new way to infect Apple devices.

Meet AceDeceiver, an iOS malware which can infect several non-jailbroken iDevices, specifically iPhones and iPads.

Security firm Palo Alto Networks unearthed the new family of iOS malware affecting factory-configured iPhones and iPads.

"What makes AceDeceiver different from previous iOS malware is that instead of abusing enterprise certificates as some iOS malware has over the past two years, AceDeceiver manages to install itself without any enterprise certificate at all," says Claud Xiao in a blog post published on the company's website on Wednesday.

Xiao says the trojan is exploiting a flaw in the design of the Digital Rights Management (DRM) mechanism.

From July 2015 through February 2016, three iOS apps packed with the AceDeceiver malware were uploaded to the App Store. These apps were disguised as wallpaper apps.

Palo Alto Networks reported the discovered malware to Apple on Feb. 26. Apple then removed these malicious iOS apps in response to the security company's report.

The technique employed in installing the malware on non-jailbroken iDevices is dubbed "FairPlay Man-In-The-Middle (MITM)." Through this attack technique, hackers are able to install the trojan without the knowledge of the users while at the same time bypassing the security measures of Apple.

"In the FairPlay MITM attack, attackers purchase an app from App Store then intercept and save the authorization code," explains Xiao. "They then developed PC software that simulates the iTunes client behaviors."

He adds that the hacker then tricks the iPhone or iPad into believing that the app was bought by the victim.

While the technique has been used as early as 2013 to spread pirated iOS apps, this is the first time it has been employed to spread malware.

Although AceDeceiver only impacts users of iPhones and iPads in mainland China, Xiao believes that there is a big chance the hackers could also target those who are living in other regions of the world.

Before the malware spreads to other parts of the globe, hopefully the Cupertino-based company will do something to prevent such attacks from affecting more of its devices' users.

Last year, Palo Alto Networks also uncovered YiSpecter, another malware designed to exploit private APIs in iOS. Most victims of the trojan were Taiwanese and Chinese iPhone users. In October, Apple officially addressed this iOS malware.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.