A security firm has confirmed the existence of iOS malware that can infect even non-jailbroken phones.
Security company Palo Alto Networks announced it found a Trojan that exploits flaws in Apple’s FairPlay DRM without needing to abuse enterprise certificates (the route most earlier non-jailbroken iOS malware relied on), and they’re calling it “AceDeceiver.” Currently, AceDeceiver’s malicious behavior only activates when the device’s location is in mainland China.
The procedure for how the malware works is a bit complex. According to Palo Alto Networks, AceDeceiver uses a technique called FairPlay Man-in-the-Middle: the attackers buy an app from the App Store, intercept the authorization code that Apple issues so the app can run on an iOS device, and save it. People who install the Windows client Aisi Helper, a program that mimics iTunes, now have an infected computer. When they plug in their iOS device, the client replays the saved authorization code to the device, tricking it into believing that the user purchased the app, and the device downloads and installs it without asking the user.
Once the app is on a victim’s phone, it prompts them for their Apple ID and password, which the attackers then have access to.
The three iOS apps used in the attacks were found on the App Store and have been removed by Apple Inc. Now that malicious code of this kind has been approved by App Store review once, however, other attacks of this type could be coming in the future.
The three apps in the AceDeceiver family all claimed to be wallpaper apps for iOS and somehow got past Apple’s review for malicious code in the App Store.
“The bigger issue, however, is that AceDeceiver is evidence of another proportionately easy way for malware to infect non-jailbroken iOS devices,” writes Claud Xiao, one of the researchers. “As a result, it’s likely we’ll see this start to affect more regions around the world, whether by these attackers or others who copy the attack technique.”
Here’s How to Avoid It
The end game here is the collection of Apple IDs and passwords, so if you live in China and have used Aisi Helper, we suggest resetting your Apple ID password and turning on two-factor authentication for your Apple ID ASAP. Hopefully, it’s not too late.
You can find the instructions on how to do so here: How To Enable Two-Step Verification For Apple ID / iTunes / iCloud.