SecureMac, Inc.

Meet AceDeceiver: The First iOS Trojan Horse

April 4, 2016

Users of iOS devices should be on alert after the arrival of what looks like the first Trojan Horse malware developed for Apple’s mobile operating system. According to a post by Palo Alto Networks, this malware—which is known as AceDeceiver—is unique among other iOS threats in that it doesn’t use counterfeit enterprise certificates to gain access to your device. AceDeceiver doesn’t use an enterprise certificate at all. Rather, it manipulates a major vulnerability in Apple’s DRM (digital rights management) and uses it to install malicious apps on your phone or tablet.

How the Attack Works

For a time, AceDeceiver was available on the App Store in the form of several different applications, including “AS Wallpaper” and “i4picture.” The Palo Alto Networks report notes that Apple has since removed those apps, but also theorizes that the threat is just beginning. Using a specialized Man-in-the-Middle attack that exploits FairPlay—a part of Apple’s DRM—AceDeceiver can trick iOS users into installing malware onto their iOS devices.

Apparently, this threat is not the first time that Man-in-the-Middle strategies have been used to hoodwink FairPlay. The Palo Alto Networks article notes that cyber criminals have been using this method since 2013 as a means of spreading pirated iOS software. Until now, though, the method has not been used to spread malware.

FairPlay Man-in-the-Middle attacks go to work when users purchase apps on their computers and then connect their iOS devices to transfer those applications via USB. Cyber criminals can essentially intercept communications between the App Store and a user’s computer in order to serve the user with pirated or malicious software. Once an AceDeceiver app is on a user’s PC, it will spread and install malicious software on any iOS device that is subsequently connected to the computer. This spreading is possible even though Apple has removed all AceDeceiver programs from the App Store. AceDeceiver apps cannot infect Mac computers, which means that only Windows users with iPhones or iPads can be affected.

How to Protect Yourself

So how can you keep yourself safe from the AceDeceiver Trojan Horse? The good news is that, right now, this particular threat only targets users in mainland China. Even if you somehow manage to download AceDeceiver onto your computer or phone, it probably won’t switch on and install malicious apps if you live elsewhere.

The bad news is that this program presents a new way for cyber criminals to infect iOS devices. The principle behind AceDeceiver—the FairPlay Man-in-the-Middle attack—could feasibly be used by other hackers in other parts of the world to attack iPhones and iPads. As of right now, the vulnerability hasn’t been patched by Apple. When it is, older versions of iOS may remain vulnerable—a good argument for updating your operating system to the most recent version. For now, though, your best course of action might be to download new apps only through the mobile version of the App Store. Since AceDeceiver infects iOS devices by being installed on a computer first, you might be able to dodge infection by limiting the occasions you have to connect your phone or tablet to your computer.
