Palo Alto Networks' research team has discovered a new malware family capable of infecting any iOS device, including devices that have never been jailbroken.
The malware was named “AceDeceiver”, and it can be installed on a device without relying on any enterprise or developer certificate.
New iPhone Virus Capable of Infecting Any iOS Device
The malware exploits design flaws in Apple's DRM (digital rights management) mechanism; even after its removal from the App Store, the researchers who discovered it believe it will continue to spread through the same attack vector.
It is also the first known threat that abuses Apple's DRM technology, called FairPlay, on devices that have not been jailbroken.
The technique used by AceDeceiver is known as FairPlay Man-in-the-Middle (MITM) and has been in use since 2013 to install pirated applications on jailbroken iPhones.
To recap, Apple allows its customers to purchase and install apps through iTunes; during installation, iOS checks an authorization code included with the application that proves the purchase was made and completed.
Many programs that install pirated applications on iOS use the FairPlay MITM technique: they supply apps together with a valid authorization code, tricking iOS into treating the installation as legitimate.
In the case of AceDeceiver, the attackers created a Windows program called “Aisi Helper” that installs pirated apps and, in the process, infects the device with the malware.
How the malware works
When you connect your iPhone to a PC on which Aisi Helper is installed, it infects the device with malicious apps that were officially distributed through the App Store. All three applications of the “AceDeceiver family”, all of them wallpaper apps, were available in the App Store between July 2015 and February 2016.
To get into the App Store, the applications in question passed Apple's review using a method already used by other malware. In this case, each of the seven review steps could be bypassed because the app geographically restricts its malicious behavior to users located in China.
Outside that region, the application appears benign, which does not prevent it from expanding its malicious behavior to other regions at any time after Apple has approved it for the official store.
Once it has infected a device, AceDeceiver offers access to a third-party app store, encouraging the user to enter their Apple ID credentials and sending them to a server controlled by the attackers.
With those credentials, the attackers can access any data associated with the Apple account (personal data, phone number, and even the credit card number on file). Many people find it reassuring that this malware currently operates only in China, but caution is still warranted, because it can still spread to other countries.