A new piece of malware has made its way into Apple’s App Store and is able to infect any iOS device, whether or not it has been unlocked (jailbroken).
The research center of Palo Alto Networks has discovered new malware capable of infecting any iOS device, including those that have never been unlocked (jailbroken). The malware was named “AceDeceiver” and can install itself on a device without any kind of security certificate.
New iPhone Virus Capable of Infecting Any iOS Device
This malware exploits flaws in the design of the device’s DRM (digital rights management). Even with its removal from the App Store, the researchers who discovered it believe that it will continue to spread through specific attack vectors. Moreover, this is the first time a threat has been discovered that can exploit Apple’s DRM technology, called FairPlay, even when the device is not jailbroken.
The technique used by AceDeceiver is known as FairPlay Man-In-The-Middle (MITM), and it has been used since 2013 to install pirated applications on jailbroken iPhones. To recap, Apple allows its customers to purchase and install apps through iTunes; to carry out the installation, iOS checks a key present in the application that proves you made the purchase, and then completes the process.
Many programs that install pirated applications on iOS use the FairPlay MITM technique, supplying an authorization code for the apps and tricking the iPhone’s system into treating the process as legitimate. In the case of AceDeceiver, the attackers created a Windows program called “Aisi Helper” that installs the pirated apps and also infects the device with the malware.
How does the malware work when you connect your iPhone to a PC on which Aisi Helper is installed?
It infects the device with malware that was officially distributed through the App Store. In all, three different applications of the “AceDeceiver family” were in the App Store between July 2015 and February 2016, all of them wallpaper apps. To get into the App Store, these applications got past Apple’s checks using a method already used by other malware. In this case, each of the company’s seven verification steps can be bypassed because the app geographically restricts its malicious behavior to users located in China. Outside China, the application therefore appears normal, but nothing prevents it from extending its harmful behavior to other regions at any time after Apple has approved it for the official store.
When infecting a device, AceDeceiver offers access to another app store, encouraging the user to enter their App Store access credentials and sending this information to a server. With those credentials, attackers can steal any data associated with your Apple account (such as personal data, phone number and even credit card number). A fact that may reassure many people is that this malware currently seems to act only in China, but we must be careful because it can still spread to other countries.