Researchers claim to have found a new strain of malware that can infect a large pool of iPhone and iPad devices. The iOS malware, dubbed AceDeceiver, is said to affect non-jailbroken devices without the user’s knowledge. Apple has reportedly pulled three apps from the App Store that were believed to be from the AceDeceiver family.
AceDeceiver was designed to exploit a flaw in Apple’s FairPlay digital rights management (DRM) protection mechanism, reports security firm Palo Alto Networks. The DRM technology protects unauthorised download of apps and other content on the company’s App Store by authenticating the purchase. The researchers say that there’s a flaw in the authorisation process, which vicious minds behind AceDeceiver exploited.
The attackers were able to intercept a special code required by Apple for authorisation and used a compromised Windows application called Aisi Helper to simulate iTunes to trick iOS device into believing that the app or any other content was purchased from Apple’s store. Attackers would then silently install AceDeceiver to the iOS device. Three compromised apps were uploaded to the App Store between July 2015 and February 2016, reports Palo Alto Networks.
“AceDeceiver is the first iOS malware we’ve seen that abuses certain design flaws in Apple’s DRM protection mechanism — namely FairPlay — to install malicious apps on iOS devices regardless of whether they are jailbroken,” Claud Xiao, a security researcher from Palo Alto Networks wrote in a blog post.
This is not the first iOS malware that we have seen in the recent times. Researchers found a strain of malware called YiSpecter that targeted jailbroken as well as non-jailbroken devices in Taiwan and China. The app, however, leveraged private APIs that are signed with enterprise certificates to look authentic.
As for AceDeceiver, Palo Alto Networks note that only users in China seem to be affected for now. However, it adds, that with slight tweaks, users in other regions can also be targeted.
“Our analysis of AceDeceiver leads us to believe FairPlay MITM attack will become another popular attack vector for non-jailbroken iOS devices – and thus a threat to Apple device users worldwide,” Xiao said.