AceDeceiver, Chinese Trojan and affects devices without jailbreak

We usually say that iOS devices are safe and one of the main reasons we give is that iOS is a closed operating system. Most security problems that affect an iPhone, iPod Touch or iPad affect devices that have been jailbroken because in doing so we have opened a gateway to these types of problems. But those who are against Jailbreak for security have to know that no system is 100% Egyptian, as a new Trojan called AceDeceiver what affects users in China even if they haven't jailbroken their device.

The malware It has been discovered by Palo Alto Networks and is currently affecting users residing in China. AceDeceiver infects iOS devices taking advantage of FairPlay bugs, the Apple DRM system. According to Palo Alto Networks, the Trojan uses a technique called “FairPlay Man-in-the-Middle” that has been used in roasting to install pirated applications using fake iTunes software.

AceDeceiver takes advantage of FairPlay

Apple allows users to buy and download iOS applications from its App Store through the iTunes client on a computer. Computers can be used to install applications on iOS devices. IOS devices will request an authorization code for each installed application to verify that the application has been purchased. In the MITM FairPlay attack, the attackers buy an application from the App Store, then intercept and save the authorization code.

They developed a PC software that simulates the resident iTunes client and tricks iOS devices into believing that the application has been purchased by the victim. At that time, the user can install applications for which he has never paid and the software creator can install potentially dangerous applications without the user's knowledge.

From July 2015 to February 2016 three applications were uploaded to the App Store which contained the code of AceDeceiver. They were published as wallpaper applications, when they actually provided an authorization code to attackers who could use in AceDeceiver attacks.

There is a Windows application called “Aisi Helper” It is supposed to offer services such as backup and cleaning that has been installed by users from China. This application installs malicious applications on the devices that connect to the computer by offering a third-party App Store with free content as a hook. The third-party App Store asks users to enter their Apple ID and password and that information ends on AceDeceiver's servers.

An AceDeceiver application that shows an unofficial App Store

Apple deleted the applications in February, but attacks are still possible because attackers still have the authorization code. AceDeceiver only affects users residing in China, but Palo Alto Networks believes that this Trojan or other malware Similar can be extended to other countries. The problem has not yet received a security patch and could be present in older iOS versions that no longer receive support, such as the case of the iPhone 4. In any case, if the problem is serious, surely Apple will launch an update just to correct the bug.

In order to function, AceDeceiver now needs users to download the Aisi Helper Windows application and install it on their computer before the malware It can infect iOS devices. Once again, the importance of downloading software only from official sources and that all that glitters is not gold. This is equally important or perhaps more on devices with Jailbreak, but in this case downloading tweaks and applications only from reliable repositories, such as BigBoss (although there was a case in which it was hacked and we can never be 100% sure of these things). There are times when common sense may be the best antivirus.

The best accessories for your iPhone

Are you looking for a new case for your iPhone? An accessory for the Apple Watch? Maybe a Bluetooth speaker? Do not miss these offers on accessories and get the most out of Apple's mobile: