AceDeceiver-Minimal Opportunity for Infection, Yet Pertinent

Apple offers many features like Apple Pay.
Apple offers many features like Apple Pay.

With Apple devices, in general, the users are safe with their equipment from malware. In comparison to the competition, the Apple App store’s products do not have a significant amount of issues. The number of issues encountered by users is minimal. Over the last few years, these have numbered only in the low single digits.

 

However in the last year there have been a couple of pieces of malware that are troubling to Apple users.  These new pieces of malware may attack directly or indirectly. Using the indirect methodology, the latest example of this has been AceDeceiver. This malware began to be seen around January of 2013.
Scope
The target scope for this malware was very limited. The potential victims are people that connect the iPhone or iPad to a PC and lives in China. This is a very limited sample of persons to attack. If the user were to connect their device to a Mac, there would not be an issue. If the user lives outside mainland China, the malware also will not activate.
Infection Method

AceDeceiver exploited a flaw in Apple’s Fair Play digital rights management (DRM) system. The actual mechanism for this has been a program-Aisi Helper. This had been marketed to be a tool to assist with the Apple users to back-up and jailbreak their devices. For the exploit to take an effect, the equipment does not necessarily have to be jail-broken. After the infection, the malware was written to capture the Apple credentials.
Unusual
The users are drawn in by thinking the program will assist with their act of jail-breaking their device, however this is far from the case. The user is negatively impacted by their nefarious intent. This presently only affects users in China. It would not however be too significant of a code modification to change this. in this case, the infection rate could exponentially grow.

Fixes

If the user happens to be infected, the Aisi Helper program should be deleted, the user should run a virus scan with updated definitions, and the Apple ID should be changed.

As I mentioned at the beginning, Apple products are generally safe, as is the Apple App store. However, those with malicious intent seem bent on creating havoc with Apple so be aware of the situation and use caution.

Charles Parker, II, has been coding since the mid-1980’s, and has been working in the finance, auto manufacturer, and health industries seeking secure solutions for issues for over 17 years. Charles has an MBA, MSA, JD, LLM, and is a doctoral candidate for a PhD in Information Assurance and Security.