AceDeceiver is a new iOS Trojan that can infect non-jailbroken iOS devices through a connected personal computer, without relying on an enterprise certificate. Palo Alto Networks first discovered the malware, and the Trojan is currently causing problems for iOS users in China.
The malware employs a technique called “FairPlay Man-in-the-Middle,” which was previously used to distribute pirated iOS apps by means of spurious iTunes software and fake authorization codes. AceDeceiver compromises an iOS device by exploiting flaws in FairPlay, Apple’s digital rights management (DRM) system.
iOS Trojan “AceDeceiver” Avoids Apple’s DRM To Inject Malware
“Apple allows users to purchase and download iOS apps from their App Store through the iTunes client running on their computer. They then can use the computers to install the apps onto their iOS devices. iOS devices will request an authorization code for each app installed to prove the app was actually purchased. In the FairPlay MITM attack, attackers purchase an app from the App Store, then intercept and save the authorization code.
They then developed PC software that simulates the iTunes client behaviors and tricks iOS devices into believing the app was purchased by the victim. Therefore, the user can install apps they never actually paid for, and the creator of the software can install potentially malicious apps without the user’s knowledge.”
Three AceDeceiver iOS apps were uploaded to the official iOS App Store between July 2015 and February 201; these apps posed as wallpaper apps and supplied the attackers with the phony authorization codes used in the AceDeceiver attacks.
Chinese users had earlier installed “Aisi Helper,” a Windows iPhone management app that claimed to offer services such as system backup and cleaning. Aisi Helper then began installing malicious iOS apps on connected devices. These third-party apps offered free content to lure users into entering their Apple IDs and passwords; the credentials were then uploaded to the AceDeceiver server.
The attackers used many apps to obtain authorization codes, and Apple removed the AceDeceiver iOS apps from its App Store in February. However, the attacks remain active, because the attackers still hold authorization codes that can be used to install spurious apps on any iOS device.
At present, AceDeceiver has affected users only in China, but this or similar malware could spread to other regions, according to Palo Alto Networks. The flaw the malware exploits has not been fixed yet; what is more dangerous, even once it is fixed, AceDeceiver will still be able to infect devices running older iOS versions.
How to Avoid iOS Trojan “AceDeceiver” That Injects Malware
As a remedy, users are advised to remove AceDeceiver immediately and to change their Apple ID passwords as soon as possible. Experts also advise users not to download suspicious software in the future.