Screen Shot 2016-03-19 at 12.35.39 AMiPhone’s are very secure device  when it comes to security, But now iPhones are also getting affected by malware.

A security firm,  Palo Alto Networks announced it found a Trojan that exploits flaws in Apple’s DRM without needing to abuse enterprise certificates, and they’re calling it “AceDeceiver.” This Malware can even affect the device which are not jailbroken.

According to Palo Alto Networks the process of this malware is bit complicated. AceDeceiver uses a mechanism called FairPlay Man-in-the-Middle, where attackers purchase apps and save the authorization code needed for it to work on an iOS device. Attackers can then use fake iTunes clients to send an authorization code to trick a victim’s device to make it believe it purchased the app, and then it will download it.

Just after the successful download of the app on device the app then works as Trojan, which gives access to the device.

The method is pretty simplistic, and is likely to be copied by other attackers.  AceDeceiver could also be easily changed to work in regions besides China, although the security company said its region-locked activation makes it harder to be discovered by Apple.

The security firm has reported AceDeceiver back in February and Apple removed those infected apps from the App Store.

Advertisements