Security firm Palo Alto Networks recently discovered what it's calling a new family of iOS malware that's capable of infecting non-jailbroken (stock) devices. It's being dubbed AceDeceiver and according to the firm, it's the first iOS malware they've seen that abuses design flaws in FairPlay, Apple's digital rights management (DRM) technology.
Palo Alto Networks said three different iOS apps in the AceDeceiver family were uploaded to Apple's App Store between July 2015 and February of this year, disguised as wallpaper apps. The company said Apple removed the offending apps last month once it was made aware of them, but not before they had passed Apple's code review at least seven times.
Just to be clear, the technique that AceDeceiver utilizes – taking advantage of the aforementioned FairPlay flaw – isn't new. It's called FairPlay man-in-the-middle (MITM) and has been used since 2013 to spread pirated iOS apps; this just appears to be the first time it has been exploited to spread malware.
Because the FairPlay MITM attack only requires that an app was available in the App Store at some point, the attack remains viable even though the apps have been removed, according to the security firm. The good news is that AceDeceiver is currently only targeting users in mainland China, but the attacker could easily change that target at any time.
A detailed look at how AceDeceiver spreads, how it attacks and how it is implemented is available for review on Palo Alto Networks' blog.
Image courtesy Xaume Olleros, Getty Images