AceDeceiver – new Trojan for iOS
Although Apple’s devices are considered resistant to hacking and virus infections, the reality is different. A few weeks ago a new Trojan, AceDeceiver, appeared, and it targets iOS devices. So far it is active only in China, but like all viruses it is able to spread to the whole world.
What is AceDeceiver?
The Trojan exploits a vulnerability found in FairPlay, the mechanism built into Apple products to protect DRM licenses. It fakes the authorization code check performed when an application is installed. In this way the Trojan imitates iTunes, making the user believe that the application about to be installed was purchased.
How do users get infected with AceDeceiver?
Users who were infected with AceDeceiver had installed a program called Aisi Helper on their Windows computers. It is advertised as a utility for managing iOS devices that replaces some of the functions of the official iTunes application. Aisi Helper also works with a third-party app store, which allows it to use the vulnerability mentioned above. It installs an application on the smartphone via USB; that application asks for the user’s Apple ID and transmits all personal information to the cyber criminals.
When a user tries to install an application, the iOS device checks whether the application was downloaded from the App Store, and it allows the installation only after successful verification. To trick the system, the cyber criminals created a legitimate application and placed it on the official App Store. The app was disguised as a library of wallpapers, but in reality it was used to steal the authorization code. The hackers then used copies of this authorization code to go further and trick the system’s check.
Apple has removed the fake application from the App Store, but this has not stopped the hacking activity: the attackers were able to get the authorization code, so they no longer need the fake application.
Who is at risk?
Since Apple removed the fake application from the App Store, the only users at risk are those who continue to use the Aisi Helper software for Windows. If you are one of them, we highly recommend removing that program from your computer.
How to prevent infection with AceDeceiver?
- If you are using Aisi Helper, remove it immediately. Remember, no third-party application has the right to ask for your personal information.
- Provide your Apple ID only to genuine applications, such as iTunes.
- Check whether you have installed any of these certificates (ansi.aisiring, aswallpaper.mito, i4.picture).
- Change your Apple ID password.