Apple Users Hit With MORE Malware

After years of being spared the countless malware attacks seen on Android, Apple users are being increasingly warned about threats to the iOS software.

However, the latest malware is more advanced than previous versions because it doesn’t rely on the user downloading dodgy apps or jailbreaking their phone.

Called ‘AceDeceiver’, the malware can install itself on a phone by infecting the user’s computer first.
The malware was uncovered by security company Palo Alto Networks.

It can attack iPhones that have not been ‘jailbroken’, but at the moment the malware has only been found in China.
The attackers created Windows software called ‘Aisi Helper’ for the PC, which purported to be software that provides services for iOS devices such as system re-installation, jailbreaking, system backup, device management and system cleaning.

But what was also doing was surreptitiously installing the malicious apps on any iOS device that is connected to the PC on which Aisi Helper is installed.

‘In its present form, you’d have to be dumb enough to install a Chinese pirate app store in order to have to worry about this,’ said Jonathan Ździarski, author of a book on hacking iOS devices and how to prevent it,
‘But in a more malicious form, something like it could potentially be embedded as a trojan in legitimate software.’

[SIZE=4]WHAT IS JAILBREAKING? [/SIZE]
Apple deliberately locks down iPhones and iPads to keep them secure, but also guarantee only approved apps are installed.

To install apps that aren’t available on the App Store, users can do what’s called ‘jailbreaking.’

This involves tweaking settings in the iOS software to make the operating system more open.

This is called ‘jailbreaking’ because it is the act of escaping from the Apple restrictions.

However, it is not advisable to hack an iPhone and install third-party apps.

Not only does the act of doing so void any warranty on the device, third-party apps have not been approved for security purposes.

It is the first malware that abuses a particular design flaw in Apple’s security system, called FairPlay.

The technique, called FairPlay Man in the Middle (MITM) has been used since 2013 to spread pirated apps on iOS.

But this is the first time it has been found to spread malware.

Apple lets customers download apps through iTunes on their computer, and then use the computer to install the apps on their iPhone or iPad.

The way it works is that the devices request an authorisation code for each app installed, to prove it was purchased.

In the FairPlay MITM attack, hackers will buy an app from the store and then intercept and save the authorisation code.

They then create software for the computer that simulates iTunes, and tricks the iOS device into thinking the app was bought by the victim.
Currently, the malware has only been spotted in China, but Palo Alto Networks warns that with easy configuration tweaks it could affect US and UK iPhone users as well.

Mr Xiao said that this kind of attack could become more widespread.

'AceDeceiver is evidence of another relatively easy way for malware to infect non-jailbroken iOS devices.

‘As a result, it’s likely we’ll see this start to affect more regions around the world, whether by these attackers or others who copy the attack technique. In addition, the new attack technique is more dangerous than previous ones.’

PS:
there is no malware in IOS

1 Like