Q
Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

How does the AceDeceiver Trojan install itself on iOS devices?

AceDeceiver is a Trojan that can install itself on iOS devices without any certificates. Expert Nick Lewis explains how it works, and how enterprises can prevent it.

Palo Alto Networks reported on a new iOS Trojan called AceDeceiver that can install itself on devices without using...

any kind of certificate. How does AceDeceiver do this, and what can security teams do about iOS Trojans like this?

AceDeceiver can be installed on iOS devices without jailbreaking the device or abusing the enterprise certificate install functionality. Palo Alto doesn't describe the malicious behavior of the application other than how it collects the AppleID and password, and how the application is initially targeted. Collection of the AppleID and password opens the user up to potential malicious activities and in itself is sufficient reason to classify AceDeceiver as malware. It appears AceDeceiver may have started out as a quasi-legitimate application for users to install pirated iOS applications. AceDeceiver has terms of service that state it is not responsible for malicious activities and other potentially questionable activities.

AceDeceiver can bypass standard install protections by abusing the FairPlay functionality used for digital rights management. Researchers from Georgia Tech presented an attack on Fairplay at USENIX Security 2014. The attack basically works by performing a man-in-the-middle attack using a system running iTunes, reusing the authorization code used for installing a legitimate app. It appears to target systems in mainland China, and only uses the nonmalicious functionality outside of that region.

Enterprises have several options for protecting their devices from this iOS Trojan. Palo Alto released indicators of compromise for the malware including the DNS names of the command-and-control infrastructure. Using these indicators of compromise, other security tools can detect and block the malware.

Next Steps

Learn more on Apple's iOS encryption and data protection features

Read how to defend against KeyRaider iOS malware

Find out how to mitigate iOS mobile phishing issues

This was last published in August 2016

Dig Deeper on Mobile security threats and prevention

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

2 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

What does your enterprise do to prevent users from downloading potentially malicious iOS applications?
Cancel
Probably, at some point we will have to use a kind of mobile antivirus software, just like on the PCs. Malware could still slip in but we need to have intervention measures in place.
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close