iOS malware 'AceDeceiver' affecting customers in China

Security company, Palo Alto Networks, has discovered a new malware called “AceDeceiver” which could attack factory-configured (non-jailbroken) iPhones. The malware is said to be currently affecting users in China. Palo Alto Networks’s research page  says, “What makes AceDeceiver different from previous iOS malware is that instead of abusing enterprise certificates, as some iOS malware has over the past two years, AceDeceiver manages to install itself without any enterprise certificate at all. It does so by exploiting design flaws in Apple’s DRM mechanism, and even as Apple has removed AceDeceiver from the App Store, it may still spread thanks to a novel attack vector.” AceDeceiver is the first iOS malware that abuses certain design flaws in Apple’s DRM protection mechanism and installs malicious apps on iOS devices, regardless of whether they are jailbroken. The company says that with small configuration tweaks (mostly location settings) it could affect US iPhone users as well. Three different iOS apps in the AceDeceiver family were uploaded to the official App Store between July 2015 and February 2016 and all of them claimed to be wallpaper apps. This technique is called “FairPlay Man-In-The-Middle (MITM)” and has been used since 2013 to spread pirated iOS apps. The FairPlay MITM attack technique was also presented at the USENIX Security Symposium in 2014; however, attacks using this technique are still occurring successfully, pointed out the report.