AceDeceiver only hit devices in China, “but that would be easy for the attacker to change in any time.”
Typically, iOS malware affects jailbroken iPhones, but Palo Alto Networks has identified a new family of iOS malware that infects non-jailbroken devices.
What makes this malware, dubbed AceDeceiver, different “is that instead of abusing enterprise certificates as some iOS malware has over the past two years, AceDeceiver manages to install itself without any enterprise certificate at all,” Palo Alto’s Claud Xiao wrote in a blog post.
“It does so by exploiting design flaws in Apple’s DRM mechanism, and even as Apple has removed AceDeceiver from [the] App Store, it may still spread thanks to a novel attack vector,” Xiao wrote.
The attackers employed the “FairPlay Man-In-The-Middle (MITM)” technique.
It’s been in use since 2013 to spread pirated iOS apps, “but this is the first time we’ve seen it used to spread malware,” Xiao said.
In this case, three different apps were uploaded to the iTunes App Store between July 2015 and February 2016, all of which claimed to be wallpaper apps and bypassed Apple’s code review.
At this point, AceDeceiver only displayed malicious behaviors for those in China, “but that would be easy for the attacker to change in any time,” according to Xiao.
But while Cupertino pulled the apps last month, Palo Alto Networks said the attack is still viable, since the FairPlay MITM only requires the apps to have been available in the App Store once: the purchase authorization captured at that time can be replayed to install them later, without any further contact with the store.
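The following toy model, added here and not taken from Palo Alto Networks, Apple or the original article, illustrates why a single captured purchase authorization is enough. It does not reproduce Apple’s real FairPlay protocol; the message layout, the shared signing key, the Apple ID and the device names are constructed assumptions. The flawed design signs only the buyer and the app, so a rogue PC client can replay the attacker’s own authorization to any device; the bound variant adds the device identity and a device-chosen nonce to the signed data, and the replay fails.

```python
"""Toy model of the FairPlay man-in-the-middle replay described in the article.

Added example; not code from Palo Alto Networks or Apple, and not Apple's real
FairPlay protocol. The message formats, key, account and device names below are
constructed assumptions used only to show why one captured purchase
authorization keeps working after the app is pulled from the store.
"""
import hashlib
import hmac
import os

# Constructed signing key shared by the (modelled) store and the device check.
# The real system verifies Apple-issued material; a shared secret simply keeps
# this model self-contained and runnable offline.
STORE_KEY = b"constructed-store-key"

APP_ID = "com.example.wallpaper"        # constructed app identifier
ATTACKER_ID = "attacker@example.com"    # constructed Apple ID


def _sign(*fields):
    """HMAC over the pipe-joined fields; stands in for the store's signature."""
    return hmac.new(STORE_KEY, "|".join(fields).encode(), hashlib.sha256).hexdigest()


# --- Flawed design: authorization bound to (account, app) only --------------
def issue_authorization(apple_id, app_id):
    """Store issues an authorization naming the buyer and the app, but nothing
    about which device will install it or when."""
    return {"apple_id": apple_id, "app_id": app_id, "sig": _sign(apple_id, app_id)}


def device_accepts(auth, device_id):
    """Device side: a valid signature means install. device_id is not part of
    the signed data, so every device accepts the same authorization."""
    expected = _sign(auth["apple_id"], auth["app_id"])
    return hmac.compare_digest(auth["sig"], expected)


def simulate_replay(victim_devices):
    """Attacker buys the app once with its own Apple ID, keeps the
    authorization, and a rogue PC client replays it to each victim device.
    Removal of the app from the store changes nothing: no store contact is
    needed at install time."""
    captured = issue_authorization(ATTACKER_ID, APP_ID)
    return [device_accepts(captured, d) for d in victim_devices]


# --- Hardened variant: bind to the device and a fresh nonce -----------------
def issue_authorization_bound(apple_id, app_id, device_id, nonce):
    """Authorization now covers the requesting device and a per-request nonce
    that device generated, so it is useless anywhere else."""
    return {"apple_id": apple_id, "app_id": app_id, "device_id": device_id,
            "nonce": nonce.hex(),
            "sig": _sign(apple_id, app_id, device_id, nonce.hex())}


def device_accepts_bound(auth, device_id, nonce):
    """Device checks the authorization was issued for it and for the nonce it
    sent, and that the signature covers both."""
    if auth["device_id"] != device_id or auth["nonce"] != nonce.hex():
        return False
    expected = _sign(auth["apple_id"], auth["app_id"], auth["device_id"], auth["nonce"])
    return hmac.compare_digest(auth["sig"], expected)


def simulate_replay_bound(victim_devices):
    """Same attack against the bound design: the captured authorization names
    the attacker's device and nonce, so every victim device rejects it."""
    captured = issue_authorization_bound(ATTACKER_ID, APP_ID, "attacker-pc", os.urandom(16))
    return [device_accepts_bound(captured, d, os.urandom(16)) for d in victim_devices]


if __name__ == "__main__":
    victims = ["victim-iphone-1", "victim-iphone-2"]    # constructed device names
    print("flawed design, replay accepted by:", simulate_replay(victims))
    print("bound design, replay accepted by:", simulate_replay_bound(victims))
```

The model deliberately leaves out revocation: even the bound variant would still honour an authorization issued before an app was pulled, which is why binding to the device is the property that defeats the replay rather than the store’s later removal of the app.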
“The bigger issue…is that AceDeceiver is evidence of another relatively easy way for malware to infect non-jailbroken iOS devices,” Xiao said. “As a result, it’s likely we’ll see this start to affect more regions around the world, whether by these attackers or others who copy the attack technique.”
In October, Palo Alto Networks identified the YiSpecter malware, which similarly targets non-jailbroken iPhones and iPads in China and Taiwan. Last year, it also identified the KeyRaider malware, which stole more than 225,000 Apple IDs from jailbroken iOS devices.
Apple device owners should remain wary: A recent Symantec report suggested that hackers are increasingly turning their attention toward Cupertino’s popular software and gadgets.
Apple declined to comment further.
Editor’s Note: This story was updated at 1:40 p.m. Eastern with a response from Apple.