AceDeceiver iOS malware may be lurking in your iPhone

That is, if you live in mainland China and connect your device to a Windows PC


A new Trojan dubbed AceDeceiver has been found to infect iOS devices that are not jailbroken, which means it has the potential to reach hundreds of thousands of iPhones and iPads. Experts see no reason to raise the alarm yet: so far it harms only users located in mainland China, and only when they connect their Apple phone or tablet to a Windows PC.

But there are fears that AceDeceiver could spread to many more devices in future because of the method it uses to get onto them. According to security firm Palo Alto Networks, the malware exploits design flaws in FairPlay, Apple's DRM mechanism. FairPlay lets a customer buy an app in iTunes on a PC and then install it on their iOS device; in the man-in-the-middle variant, the attacker buys the app once, captures the authorization code that iTunes receives from Apple, and replays it to install the same app on other people's devices. Three applications in the AceDeceiver family, posing as wallpaper apps, were uploaded to Apple's App Store between July 2015 and February 2016.

Apple took them down in February after being notified. So how does malicious software like this stay out of the company's view? Allegedly, the malicious behaviour only activates when the device reports a location in mainland China, so reviewers elsewhere see nothing but a wallpaper app. Again, that does not mean it cannot be adapted later to reach non-jailbroken iOS devices in other countries. The FairPlay man-in-the-middle (MITM) technique has been used to distribute pirated iOS apps since 2013.

FairPlay MITM Attack

AceDeceiver is apparently the first known case of the technique being used to put malware, rather than pirated apps, on a user's iPhone or iPad. The FairPlay MITM attack is carried out by a Windows client called Aisi Helper. The software advertises system re-installation, backup, jailbreaking, device management and system cleanup. But it silently installs the malicious apps on any iOS device connected to the computer it runs on.


An unexpected icon on the victim's home screen is the only trace it leaves. AceDeceiver is considered dangerous because the malicious app connects the affected device to a third-party app store controlled by the attacker. The attack may also still work on older versions of iOS, and it does not need an enterprise certificate, which is the usual route for getting unapproved apps onto non-jailbroken devices. Nor does Apple's removal of the apps from the App Store stop it: once the attacker holds a valid authorization, the apps can still be installed.

Most importantly, users never have to download the malicious applications themselves: the Windows client installs them without their knowledge, so the infection can easily go unnoticed. Until security engineers find a way to kill this threat, there is not much you can do beyond avoiding Aisi Helper and similar PC-side "helper" tools and checking your home screen for apps you did not install. In the meantime, constant vigilance!