Apple devices hacked in China: AceDeceiver malware hidden on App Store dupes users into installing malicious apps on iOS

FairPlay Man-In-The-Middle (MITM) technique used to spread malware on non-jailbroken devices by using simulated app stores

PUBLISHED: Thursday, 17 March, 2016, 5:10pm
UPDATED: Thursday, 17 March, 2016, 5:43pm

A family of malware infecting non-jailbroken iOS devices targeting users in mainland China has been identified by security firm Palo Alto Networks.

The AceDeceiver malware was found hidden behind three “wallpaper” apps in the App Store. It uses a flaw in Apple’s digital rights management technology FairPlay to install malicious apps on iOS devices.


“AceDeceiver shows yet another way attackers are getting around Apple’s security measures to install malicious apps, particularly on non-jailbroken devices,” said Palo Alto Networks researcher Claud Xiao in a blog post.

“As of this writing, AceDeceiver is only targeting iOS devices in mainland China, but attackers could easily expand this attack to other regions around the world.”

AceDeceiver is the first case in which Palo Alto Networks has seen the so-called FairPlay Man-In-The-Middle (MITM) technique used to spread malware. The technique first appeared in 2013 as a way to distribute pirated apps, and works by duping users into downloading apps from a simulated app store.


The security firm said that while the hacking of Android devices has received much attention, hackers are increasingly targeting iOS devices as well.

Last September, Apple was forced to clean up its App Store to remove iPhone and iPad apps carrying a malicious programme called XcodeGhost, which had been embedded in apps including WeChat.

Three apps were uploaded to the App Store after successfully passing Apple’s code review between July 2015 and February, the security company said, adding that these have now been removed after Apple was alerted.

Through these apps, hackers were able to steal victims’ Apple IDs and passwords.

Users of the affected apps were prompted to install Aisi Helper on their Windows computers. The program claims to offer system back-up and reinstallation for iOS devices, as well as jailbreaking.

However, the Chinese-developed software was secretly installing malicious apps onto any iOS device connected to a Windows computer on which it was installed.

These apps would then provide a connection to a third-party app store controlled by the hacker, where users could download iOS games and apps.

Once downloaded, these apps asked users to input their Apple IDs and passwords. This personal information was then uploaded to AceDeceiver’s servers.

Palo Alto Networks recommends that users who installed the Aisi Helper software, or apps from it, after March 2015 remove the software and the apps and change their Apple ID passwords.

The security company also recommended that users enable two-factor authentication for their Apple IDs.