Malicious people put malware in the App Store for iOS
Malicious people have succeeded seven times in tricking Apple into accepting a malicious app or app update into the App Store. They circumvented the review process by disguising the app as an ordinary wallpaper download app.
At startup, the app contacts a server in China, which returns a number. If the server returns a ‘1’, the app shows a wallpaper app; if it returns a ‘0’, the app shows its own download store, which tries to extract the username and password of the user’s Apple ID, writes security company Palo Alto. The company calls the malware AceDeceiver.
Apple probably did not notice that it was malware because the developers made sure that the app only showed the harmless wallpaper app during the review period. The server only gives permission to show the download store to IP addresses in China. In addition, the server checks which device is connecting: if the device was previously seen outside China, the user will not get to see the download store either.
In total, the developers got three apps into the App Store and pushed four updates to them, so the unknown developers tricked Apple’s app reviewers seven times. What made the apps difficult to discover is that they were available in only a few countries. One of the apps was only in the App Store in Hong Kong and New Zealand, another only in the United States. Moreover, the malware did not become active in those countries, because the criminals only targeted Chinese users.
With the listing in the App Store, the criminals could get the app onto non-jailbroken iPhones via desktop software, without needing an enterprise certificate. They use a desktop program called 爱思助手, which Palo Alto translates as Aisi Helper. Using an already known vulnerability in Apple’s FairPlay DRM, the software installs an AceDeceiver app on an iOS device without asking permission. To achieve this, the malicious parties had to reverse engineer parts of iTunes. Because the apps have been in the App Store, the server of the unknown developers can provide the authorization needed to install the malicious app.
After the report from Palo Alto, Apple removed the relevant apps from the App Store within a day. Further distribution of AceDeceiver remains possible via the desktop software Aisi Helper. It is unknown how many users have entered their usernames and passwords into the app.
This is not the first time that malware has appeared in the App Store. In September last year, dozens of apps containing malware entered Apple’s download store because of an infected version of the Xcode developer tools. A few months earlier, researchers had managed to get malware into the App Store.