A new malware strain, AceDeceiver, that exploits a flaw in Apple’s DRM software to target iOS devices through Windows PCs, has been detected by researchers at Palo Alto Networks.
The campaign, which has already tainted 6 million iOS devices in China, is the first malware infection to target Apple’s FairPlay digital rights management system, the researchers said.
In an interview with Threatpost, Ryan Olson, director of threat intelligence for Palo Alto Networks, said the new malware is a “slow chipping away at Apple’s App Store security,” he said.
But this new infection, he added, differs from previous strains in that attackers are using a variation of a two-year-old technique, known as a “FairPlay Man-In-The-Middle” attack, to install malicious apps on iOS devices without a user’s knowledge.
While users in China are presently the sole target, Olson said he expected the campaign to spread.