Palo Alto Networks discovers first iOS malware

NEW DELHI: Your iPhone is no longer safe from viruses, as a security firm has confirmed the existence of an iOS malware which is powerful enough to infect even non-jailbreak phones.

A security company named Palo Alto Networks has revealed that they have found a Trojan, which exploits flaws in Apple’s DRM without needing to abuse enterprise certificates. Named as ‘AceDeceiver’ the virus activates when the device’s geotag is in China.

The new found malware works in a very complicated manner. According to the security company, AceDeceiver uses a method called FairPlay Man-in-the-Middle. In this mechanism, the attackers purchase apps and save the authorization code required for it to work on an iOS device. The iPhone users who download the client called AiSiHelper program which mimics iTunes will now be under the procession of an infected computer.


As soon as the user plug in their iPhone device, attackers can send an authorization code to trick the user’s device to give an impression that it is a paid app. Once the app download is complete on the victim’s phone, it will then prompt them for their Apple ID and password, which the attackers can access.

As per Palo Alto Networks, this method is often used to pirate apps before however, this is the first time FairPlay MITM has been used maliciously. The security firm also suggested that it is a pretty simple method and will be soon copied by other attackers.

Moreover, AceDeceiver can also be changed to work in other regions as well. The company also warned Apple about AceDeceiver last month and the Cupertino giant removed AceDeceiver apps from its App Store.