'AceDeceiver' malware secretly installs malicious apps onto iOS devices
A new form of iOS malware, nicknamed "AceDeceiver," can infect people without relying on an enterprise certificate or attacking jailbroken devices, security firm Palo Alto Networks revealed on Wednesday.
Instead, the malware exploits flaws in Apple's FairPlay digital rights management, Palo Alto noted. Those vulnerabilities have been used since 2013 to pirate iOS apps, but have only recently been turned to spreading malware.
When fetching an app from Apple, a device normally pings the company's servers for a code proving it was purchased by a user. By intercepting such codes and crafting Windows software simulating iTunes' behavior, a hacker has been able to trick iOS devices into believing apps were bought by victims. The Windows software, dubbed "Aisi Helper," is disguised as a helpful tool but will install malicious iOS apps without alerting targets.
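The weakness the article describes is a replay problem: a purchase-authorization code captured from one legitimate session is accepted again by a different device. The following Python model is an added illustration, not Apple's FairPlay protocol or any code from Palo Alto Networks; the key, app identifier and device names are constructed for the demo. It contrasts an authorization code that only proves "this app was purchased" (replayable) with one bound to the requesting device and a fresh per-request nonce (not replayable). The toy uses an HMAC shared between issuer and verifier so both sides can be shown in one file; a real store would sign with a private key and devices would verify with the public key.

```python
import hmac
import hashlib
import secrets

# Constructed demo key standing in for the store's signing secret.
SERVER_KEY = b"constructed-demo-signing-key"
APP_ID = "com.example.wallpaper"  # constructed app identifier


def issue_code_replayable(app_id: str) -> bytes:
    """Weak model: the code only attests that app_id was purchased.
    Nothing in it says which device asked, so anyone holding the
    bytes can present them later."""
    return hmac.new(SERVER_KEY, app_id.encode(), hashlib.sha256).digest()


def device_accepts_replayable(app_id: str, code: bytes) -> bool:
    """Device-side check in the weak model: any valid code for app_id passes."""
    return hmac.compare_digest(code, issue_code_replayable(app_id))


def issue_code_bound(app_id: str, device_id: str, nonce: bytes) -> bytes:
    """Hardened model: the code covers the app, the requesting device
    and a nonce the device generated for this one request."""
    msg = b"|".join([app_id.encode(), device_id.encode(), nonce])
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).digest()


def device_accepts_bound(app_id: str, device_id: str, nonce: bytes, code: bytes) -> bool:
    """Device-side check in the hardened model: the device recomputes the
    expected code over its own identity and its own fresh nonce."""
    return hmac.compare_digest(code, issue_code_bound(app_id, device_id, nonce))


def replay_succeeds_in_weak_model() -> bool:
    # A code captured from a victim's purchase session...
    captured = issue_code_replayable(APP_ID)
    # ...is later presented to a different device, which has no way to tell.
    return device_accepts_replayable(APP_ID, captured)


def replay_succeeds_in_bound_model() -> bool:
    # Victim device A generates its nonce and obtains a code bound to it.
    nonce_a = secrets.token_bytes(16)
    captured = issue_code_bound(APP_ID, "DEVICE-A", nonce_a)
    # Device B generates its own nonce before asking for authorization, so the
    # captured code no longer matches what B expects.
    nonce_b = secrets.token_bytes(16)
    return device_accepts_bound(APP_ID, "DEVICE-B", nonce_b, captured)


if __name__ == "__main__":
    print("weak model, replay accepted:", replay_succeeds_in_weak_model())
    print("bound model, replay accepted:", replay_succeeds_in_bound_model())
```

The defensive point is the binding: once the verifier mixes its own identity and a value it chose into what it expects, a code harvested elsewhere is useless to it, and a fake client sitting between the device and the store gains nothing from holding old codes.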
Three AceDeceiver apps disguised as wallpaper tools made their way onto the App Store between July 2015 and February 2016, Palo Alto said. The titles passed Apple code review "at least" seven times, the firm added, and were only removed once they were reported by Palo Alto late last month.
The apps are still a threat so long as they're installed, but are currently set to be malicious only in mainland China. Running them connects to a third-party app store where people are encouraged to enter their Apple IDs, which are then stolen and uploaded to a server.
Apple normally prides itself on iOS' security, but has still had to periodically remove App Store titles because of dangerous code. In November, for instance, the company pulled an Instagram client called InstaAgent after it was discovered collecting usernames and passwords.
Comments
OK, noted.
Congrats all around.
It’s all about stirring up FUD about Apple and selling security software. The security crowd is incensed that the iOS and OS X platforms actually are pretty secure when compared to the competition anyway. The haters want the populace to believe there is no difference between Apple and the others. But it’s mostly about selling security software. Scare people into buying software that turns their Macs or iPhones into sluggish malfunctioning bricks. But hey, they’re “safe” now.
1) Any Windows PC user follows a link to the website of the malware author.
2) They are encouraged to download a Windows helper app (malware) which claims to assist in managing iOS devices.
3) Once installed on the computer, the user is instructed to download an iOS app through a fake iTunes feature within the Windows app.
4) The user is prompted for their Apple ID login, which is then stolen. This is the primary purpose of the malware.
5) Windows then automatically installs the iOS malware app to any iOS device connected to the computer, without user action.
6) The iOS malware does have an icon which the user might notice as something they did not install, but...
7) Once the malware is installed on the iOS device, users can download pirated games from a third-party App Store.
8) Currently it only works in China, but that could be changed to any region very easily. It works best if it is restricted to only one region at a time.
That's Tidal.
Stay away (from jay. And Kanye).
That's about it.
Good.
It may be only in China right now but conceptually this could be done merely by having the malicious middle tier on your network with some traffic redirection.
Any Windows PC user [is] encouraged to download a Windows helper app (malware) which [will] download an iOS app through a fake iTunes feature within the Windows app. The user is prompted for their Apple ID login, which is then stolen. This is the primary purpose of the malware.
As already pointed out by baconstang, it is indeed a Windows malware specifically designed to steal Apple ID logins in China. Yes yes, China for now, got it.
As with most attacks towards OS X or iOS, they still have to use another platform's weaknesses to get through, whether it's Flash, Java, Windows etc.
And ultimately it installs an iOS malware app on the device connected to the computer so that the pirate user can go ahead and steal games. Is there no honour amongst thieves?
Stick with Apple devices to connect to the Apple App Store and you'll always be protected … until the Feds break it. Got it. Are the Feds working for the Chinese?
That being said, Apple still has to fix this man-in-the-middle weakness over there, because no one will remember that it's Windows malware, except the pirates.
So this is elective malware not really malware.
A bit like "I accidentally fell into a prostitute".
And the haters clamour as always.