AceDeceiver: The iOS trojan that bypasses Apple's DRM and infects iPhone and iPad

A new malware that can infect even non-jailbroken devices has been seen in China. It is called AceDeceiver and, according to the company that discovered it, it could spread to other countries of the world.

Many of the decisions Apple has taken over the years on iOS have been dictated by the objective of achieving the highest possible level of security. We know well that it is almost unrealistic to think of a computer system as totally safe, and we have seen how even very important targets may be vulnerable to external attacks. This time the victim is iOS, the mobile operating system from Cupertino, which is being targeted by a new Trojan spotted in China.

AceDeceiver, as it is named, was discovered by Palo Alto Networks and at the time of this writing has "claimed victims" only in the Asian country. It can also infect devices that have not been jailbroken, through an exploit that can be run via a compromised external PC.

Specifically, the malware can target an iOS device using some holes in FairPlay, the DRM (digital rights management) used by the Apple operating system.

MITM attack

According to Palo Alto Networks, AceDeceiver uses a man-in-the-middle technique which in the past had been used to distribute pirated apps for iOS, installed thanks to a falsified version of iTunes and bogus authorization codes. The same technique is used to install AceDeceiver.

The company describes how the new malware infections on iOS recently occurred in China:

"Apple allows users to purchase and download iOS apps from its App Store through iTunes, which can be run from an external PC. Thus, users can use the computer to install the applications on their iOS devices.

Devices require an authorization code for each installed application to prove that it has been duly purchased. During the MITM (man-in-the-middle) attack, the user buys an app from the App Store, and the attackers intercept the authorization code and save it.

For the same PC they have developed software that simulates the iTunes client's modus operandi, tricking iOS devices into believing that the application has been purchased by the victim. The user can install applications for which they never paid, and the creator of the software can install any potentially malicious application without the user's knowledge."

Since July 2015, three AceDeceiver applications have been uploaded to the official App Store. They were seemingly innocuous applications, such as wallpaper downloaders for your device, but they actually supplied the attackers with the false authorization codes that could be used to carry out the attacks. Aisi Helper, an iPhone management app for Windows that downloaded the counterfeit apps to the device, was also downloaded and used extensively in China.

These applications downloaded from Aisi Helper asked users for their Apple account credentials, information that was subsequently uploaded to the AceDeceiver server. Although Apple removed the infected applications from the official store in February (those used by hackers to obtain authorization codes), the attack is still active because the attackers still have the codes needed to install the counterfeit apps on devices.

Although it has been seen only in China, AceDeceiver could arrive in other countries in the future, according to the security company. At the time of writing it also seems that the bug that allowed the execution of the exploit has not yet been patched, and it is very likely to remain permanently in older iOS versions on devices that have not been updated. For it to be dangerous, however, the Aisi Helper app must be installed on your PC.

Further details can be found on the official site of Palo Alto Networks.
