iOS Trojan malware AceDeceiver targets non-jailbroken iPhones exploiting Apple’s DRM flaw
New iOS malware infects non-jailbroken iPhones bypassing Apple’s security mechanisms Palo Alto Networks

A new malware that has been uncovered targets even non-jailbroken iPhones. The malware, dubbed the AceDeceiver, exploits Apple's digital rights management (DRM) mechanism to infect devices with malicious software.

The malware was first detected by Palo Alto Networks researcher Claud Xiao, who discovered that AceDeceiver was cleverly undermining Apple's DRM to allow malicious hackers to install dubious apps onto iOS devices, while completely bypassing Apple's in-built security measures.

In a blog post, Xiao warns: "What makes AceDeceiver different from previous iOS malware is that instead of abusing enterprise certificates as some iOS malware has over the past two years, AceDeceiver manages to install itself without any enterprise certificate at all. It does so by exploiting design flaws in Apple's DRM mechanism, and even as Apple has removed AceDeceiver from App Store, it may still spread thanks to a novel attack vector."

The malware has been found existing under the product name of Aisi Helper, which is a Windows software program that claims to provide iOS-related services like jailbreaking, re-installation, system back-up and device management. AceDeceiver uses a technique called FairPlay Man-In-The-Middle (MITM), which has been commonly used before to spread pirated malware iOS apps. However, according to Xiao, this is the first time the MITM technique has been used to spread malware.

What is alarming is that the MITM approach allows malicious entities to install malware within even non-jailbroken iPhones and with users being none the wiser about their iPhones playing host to a dangerous malware.

Currently, AceDeceiver has affected iPhone users in China, but it is still unconfirmed as to how many users have become victims, Forbes reported. Xiao has cautioned that the malware could easily be used by others around the globe. Hackers could simply continue collecting more authorisation codes and send them to a remote server run by malicious entities.

Given that hackers, via the AceDeceiver software, can actually steal authorisation codes without Apple's knowledge, the likelihood of a fix for this malware via FairPlay is considered slim. Xiao suggests that users uninstall any apps or software from Aisi Helper's Windows client and immediately change their Apple ID passwords. It is also recommended that users enable Apple's two-factor authentication feature for their Apple ID accounts.