AceDeceiver is iOS malware that infects non-jailbroken iPhones
posted by Alan F. / Mar 16, 2016, 3:48 PM
The actual technique used in this attack to install malware on a non-jailbroken iOS device is called "FairPlay Man-In-The-Middle (MITM)." An iOS user can install an iTunes app on his device by using the iTunes client that runs on his computer. With "FairPlay Man-In-The-Middle (MITM)," the attacker buys an iOS app from the App Store and intercepts the authorization code. Using this code, the attacker then tricks the victim's iOS device into believing that it purchased the malicious app. As a result, the victim's iPhone or iPad is infected with apps he/she never paid for, including infected apps that are a ticking time bomb.
Right now, AceDeceiver behaves maliciously only when the victim and his device are located in China, but that is something that can be changed easily. And because it doesn't require an enterprise certificate, even those phones under the watch of an MDM are still vulnerable. The removal of the malicious apps from the App Store won't make a difference. With the FairPlay MITM attack, the malicious app needs to have been available on the App Store only once. And the malicious app installs itself, so the victim's participation is minimal.
As we said, if you live outside of mainland China, you have nothing to be worried about for now. Before these attacks spread to other regions, hopefully Apple will come up with something to put an end to this.
Lmao! Ouch! (By the way, you spelled infects wrong)
posted on Mar 16, 2016, 3:54 PM 0
Posts: 755; Member since: Mar 12, 2016
Ouch huh? This article is another proof that iOS isn't as secure as how Apple Fans claim it to be!
posted on Mar 16, 2016, 4:00 PM 11
The original Palo Alto article has a much better explanation of how it works and why. I'll try to summarize.
1) Any Windows PC user follows a link to the website of the malware author.
2) They are encouraged to download a Windows helper app (malware) which claims to assist in managing iOS devices.
3) Once installed on computer, the user is instructed to download an iOS app through a fake iTunes feature within the Windows app.
4) The user is prompted for their Apple ID log in which is then stolen. This is the primary purpose of the malware.
5) Windows then automatically installs the iOS malware app to any iOS device connected to the computer, without user action.
6) The iOS malware does have an icon which the user might notice as something they did not install, but...
7) Once the malware is installed on the iOS device users can download pirated games from a third party App Store.
8) Currently it only works in China but that could be changed to any region very easily. It works best if it is restricted to only one region at a time.
posted on Mar 16, 2016, 5:16 PM 4
Posts: 249; Member since: Oct 17, 2011
Fully agree that it's user stupidity and the blame is squarely on the user. However, Apple is partly to blame for this user stupidity. Apple tries to grocery that their products are immune to attack and stupid Apple users believe it. Because they believe that Apple is perfect and can't be infected they never have their guard up to look for stupid sh!t like this. They are a victim of their own arrogance.
posted on Mar 16, 2016, 11:41 PM 0
Here's the thing... Every single article about some malware or hack that's been reported somehow always relates to China, and it only affects China, with apps made for Chinese-specific services. I cannot remember reading an article that would affect someone who's in other markets... Is the Chinese app store different from the rest of the world?
posted on Mar 17, 2016, 3:02 AM 0
Posts: 1904; Member since: Mar 25, 2014
See, here's the thing: when you hear about Android viruses, which are often of this nature as well, people bash Android for it. Which at least is my point, Android and Apple are both software companies and both have roles and possibilities of being hacked or compromised or whatnot. Apple is not 'unique' in this way despite their marketing.
posted on Mar 17, 2016, 4:24 AM 0
Posts: 3960; Member since: Oct 21, 2014
Some iSheeps never cease to end their ignorance, even when clear evidence has been shown to them multiple times: http://www.dereferer.org/?http
posted on Mar 16, 2016, 8:58 PM 2
Posts: 219; Member since: Apr 17, 2013
Got popcorn, beer and waiting for word war ;)
posted on Mar 16, 2016, 3:58 PM 1
I'll start first! Saxicolous! Bam! Beat that! (ps: what do I get if I beat you)?
posted on Mar 16, 2016, 4:02 PM 0
Posts: 219; Member since: Apr 17, 2013
BTW is that Apple backdoor app for government in trial before official release??
posted on Mar 16, 2016, 4:04 PM 0