There's a new form of iOS malware making the rounds that uses mechanisms previously employed to pirate apps as a way to infect iPhones and iPads. Dubbed "AceDeceiver", it simulates iTunes in order to get a trojan app onto your device, at which point it tries to engage in other nefarious behavior.
What is "AceDeceiver"?
From Palo Alto Networks:
We've seen cracked apps used to infect desktop computers for years, in part because people will go to extraordinary lengths, including deliberately circumventing their own security, when they think they're getting something for nothing.
What's new and novel here is how this attack gets malicious apps onto iPhones and iPads.
How is that happening?
Basically, by creating a PC app that pretends to be iTunes and then transfers the malicious apps over when you attach your iPhone or iPad with a USB to Lightning cable.
Again, Palo Alto Networks:
So only people in China are at risk?
From this one specific implementation, yes. Other implementations, though, could target other regions.
Am I at risk?
Most people aren't at risk, at least not right now, though a lot depends on individual behavior. Here's what's important to remember:
- Pirate app stores and "clients" used to enable them are giant neon targets for exploitation. Stay far, far away.
- This attack begins on the PC. Don't download software you don't absolutely trust.
- Malicious apps spread from the PC to iOS over the Lightning to USB cable. Don't make that connection and they can't spread.
- Don't ever — ever — give a third-party app your Apple ID. EVER.
So what makes this different from previous iOS malware?
Previous instances of malware on iOS have either depended on distribution through the App Store, or abusing enterprise profiles.
When distributed through the App Store, once Apple removed the offending app it could no longer be installed. With enterprise profiles, the enterprise certificate could be revoked, preventing the app from launching in the future.
In the case of AceDeceiver, the iOS apps are already signed by Apple (by way of the App Store approval process) and distribution is being performed through infected PCs. So, simply removing them from the App Store — which Apple has already done in this case — doesn't also remove them from already infected PCs and iOS devices.
How Apple combats these types of attacks in the future will be interesting to see. Any system with humans involved will be vulnerable to social engineering attacks — including the promise of "free" apps and features in exchange for downloading and/or sharing logins.
It's up to Apple to patch the vulnerabilities. It's up to us to be ever vigilant.
Is this where you bring up FBI vs. Apple?
Absolutely. This is exactly the reason why mandated backdoors are a disastrously bad idea. Criminals are already working overtime to find accidental vulnerabilities they can exploit to do us harm. Giving them deliberate ones is nothing short of recklessly irresponsible.
From Jonathan Zdziarski:
Everyone should be working together to harden our systems, not to weaken them and leave we, the people, vulnerable. Because it's the attackers who'll be the first ones in and the last ones out.
With all of our data.
Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.