AceDeceiver: New iOS malware can infect even non-jailbroken devices without user confirmation.
AceDeceiver is fundamentally different from the latest malicious software for iOS because it exploits problems in Apple's DRM software and does not abuse enterprise certificates, a common trick that iOS malware has been using for about two years.
AceDeceiver is the first malware for iOS to exploit flaws in FairPlay, Apple's DRM protection system, to install malicious apps on iOS devices, whether or not they are jailbroken (it does not require root).
Apple naturally removed AceDeceiver from the App Store, but the malware is still spreading, according to the Palo Alto Networks security researchers who discovered it.
The malware needed the App Store only once in order to spread; beyond that, it simply requires the victim to install an application on their computer. After that, the infection of the iOS device is completed in the background without the user's awareness. The only indication is a new icon on the device's home screen that the user does not remember downloading.
The technique used by AceDeceiver is called "FairPlay Man-in-the-middle (MITM)" and has been used to install pirated applications on iOS since 2013. But this is the first time it has been used to spread malware.
Three different iOS applications containing AceDeceiver were uploaded to the official Apple App Store between July 2015 and February 2016. All three were wallpaper apps.
These applications managed to bypass Apple's security measures at least seven times, according to Palo Alto. AceDeceiver's success provides evidence that hackers have developed new techniques to bypass Apple's app code review process, which apps must pass before they reach the App Store.