New malware can infect iPhones without requiring a jailbreak

[Image: iPhone, AceDeceiver malware, iOS jailbreak] Image source: Kārlis Dambrāns

The iPhone is generally safer than Android when it comes to malware infections, though Apple’s smartphone isn’t impervious to such threats. We’ve seen various malware attacks in the past, some of them targeting jailbroken iPhones, or using older versions of Apple’s Xcode to sneak malicious apps into the App Store.

A brand new malware strain was just discovered: a sneaky attack that not only fooled Apple’s app review team into allowing malware apps into the App Store, but that can also quietly install apps on any iOS device without the user’s explicit knowledge or permission. The device doesn’t even need to be jailbroken for the attack to work.


Discovered by security researchers at Palo Alto Networks, the attack requires a PC to deploy the software. Called AceDeceiver, the malware is currently affecting users in China.

What the hackers managed to achieve was to crack Apple’s FairPlay digital rights management (DRM) system with a technique called FairPlay Man-in-the-Middle, as shown in the image below.

In the FairPlay MITM attack, hackers purchase an app from the store and then intercept and save the authorization code, which Apple sends over to a PC each time an app purchase procedure is initiated.


Furthermore, the hackers created PC software that simulates the iTunes client and tricks iOS devices into believing that the malware iOS app about to be downloaded is a genuine purchase. This is how malicious apps can end up on iOS devices without a user knowing what happened. He or she would see the new app icon, but only after the installation.

Palo Alto Networks discovered that from July 2015 to February 2016, three AceDeceiver iOS apps were accepted in the official iOS App Store, posing as wallpaper apps and offering attackers the fake authorization codes that are needed in these attacks. The apps bypassed Apple’s review team at least seven times by using a handy trick: the app uses geofencing to target its attacks, tailoring its behavior depending on geographical region. In these cases, the apps only had malicious components for users located in China.

Apple removed the apps, but the AceDeceiver attack remains a danger to Chinese iPhone users, as the hackers still have authorization codes from Apple.

The second part of the assault that installs malicious code on iPhones is a Windows app that’s supposedly helping users manage their iOS devices. Called Aisi Helper, the app touts reinstall, jailbreak, system backup, device management and system cleaning powers.

But it’s this app that, working in connection with the stolen certificates, can silently install malicious iOS applications on the iPhone. The malicious apps provide a link to a third-party app store, where unsuspecting users could be fooled into entering their Apple ID credentials.

More details about this new iPhone threat are available at the source link.
