It’s getting rough for Apple. As it continues to battle issues left and right thrown to them by the US federal officials and a possible probing by the European Commission, it has been found out that another malware has made itself known. The family of malware is currently being called the AceDeceiver, the latest malware to target iOS devices.
The new malware is discovered by Palo Alto and is detailed this Wednesday, March 16, in one of its posts written by Claud Xiao on their website. According to their researchers, it is a bit different from those previous iOS malwares because instead of abusing enterprise certificates, this malware manages to install itself without any enterprise certificate at all.
Based on their findings, the latest iOS malware exploits the design flaws in Apple’s DRM mechanism. Even if the Cupertino company has removed the AceDeceiver from its App Store, it might still be able to spread due to a novel attack vector. It is known that between the period of July 2015 and February 2016, three compromised apps were uploaded to the App Store.
It is also reported that the malware might have spread to an iOS device by users who unknowingly installed a corrupted product known as “Aisi Helper” on their Windows run PC to help manage their iOS device. The corrupted app covertly installed “malicious apps on any iOS device that was connected to the PC.”
This technique this new malware employs is called the “FairPlay Man-In-The-Middle” or MITM, which has been used since 2013 to spread pirated iOS apps. This is the first time it was used to spread malware. The malware is alarming as it can infect Apple iOS devices even if it isn’t jailbroken.
As of now, users are a bit reassured as AceDeceiver is only reported to have affected users in China. However, there is a chance that it might spread soon. Meanwhile, Xiao is reminding users to be cautious as it can easily be used by others in the world. Hackers can use this to their advantage after all they are called hackers for a reason.
After all, using this malware can let them steal authorization codes without the Cupertino’s knowledge and permission. International Business Times reports that having a fix for this malware via FairPlay is considered slim to none.
Currently, the measures one can do, according to Xiao, are to uninstall any apps and/or software from Aisi Helper’s Windows client. It is also recommended that users enable Apple’s two-factor authentication feature for their Apple ID accounts and to change their ID passwords.
For more technology news, you can subscribe to our newsletter. If you are a social media junkie and would like to receive updates on your timeline, then you can also like us on Facebook or follow us on Twitter.