Malicious people put malware in the App Store for iOS

Spread the love

Malicious people have succeeded in tricking Apple seven times into getting a malicious app or an update to the App Store. They circumvented security by disguising themselves as a regular wallpaper download app.

At startup, the app contacts a server in China, which then returns a number. If the server returns a ‘1’, a wallpaper app will appear, with a ‘0’ its own download store will appear that tries to extract the username and password from the user’s Apple ID, writes security company Palo Alto. The company calls the malware AceDeceiver.

The fact that Apple did not notice that it was malware was probably because the developers made sure that the app only showed the neat wallpaper app during the review period. The server only gives permission to show the download store at ip addresses from China. In addition, the server checks which device it is. If the device was previously outside of China, the user will not be able to see the download store either.

In total, the developers got three apps in the App Store and they’ve had a total of four updates, causing the unknowns to trick Apple’s app controllers seven times. What made the apps difficult to discover is that they were available in only a few countries. One of the apps was only on the App Store in Hong Kong and New Zealand, another only in the United States. In addition, the malware did not become active in those countries, but the criminals only targeted Chinese users.

With the listing in the App Store, the criminals got the app without an enterprise certificate on non-jailbroken iPhones via desktop software. It uses a desktop program called ”爱思助手, which Palo Alto translates as Aisi Helper. Using an already known vulnerability in Apple’s FairPlay drm, the software installs an AceDeceiver app on an iOS device without asking permission. To do this, the malicious parties had to reverse engineer parts of iTunes. Because the apps have been in the App Store, the server of the unknown developers can provide authentication for installing the malicious app.

After the report from Palo Alto, Apple removed the relevant apps from the App Store within a day. Further distribution of AceDeceiver is still possible via the desktop software Aisi Helper. It is unknown how many users have entered their usernames and passwords in the app.

This is not the first time that malware has appeared in the App Store. In September last year, dozens of apps with malware entered Apple’s download store due to an infected version of the developer program Xcode. A few months earlier, researchers managed to get malware into the App Store.

You might also like