Palo Alto Networks


'Palo Alto Networks' Articles

'AceDeceiver' iOS Trojan Spotted in China, Bypasses Apple's DRM Mechanism

A new iOS trojan has been found in the wild that's able to infect non-jailbroken iOS devices through PCs without the need to exploit an enterprise certificate. Named "AceDeceiver," the malware was discovered by Palo Alto Networks and is currently affecting iOS users in China. AceDeceiver infects an iOS device by taking advantage of flaws in FairPlay, Apple's digital rights management (DRM) system. According to Palo Alto Networks, it uses a technique called "FairPlay Man-in-the-Middle," which has been used to spread pirated iOS apps in the past by using fake iTunes software and spoofed authorization codes to get the apps on iOS devices. The same technique is now being used to spread the AceDeceiver malware. Apple allows users purchase and download iOS apps from their App Store through the iTunes client running in their computer. They then can use the computers to install the apps onto their iOS devices. iOS devices will request an authorization code for each app installed to prove the app was actually purchased. In the FairPlay MITM attack, attackers purchase an app from App Store then intercept and save the authorization code. They then developed PC software that simulates the iTunes client behaviors, and tricks iOS devices to believe the app was purchased by victim. Therefore, the user can install apps they never actually paid for, and the creator of the software can install potentially malicious apps without the user's knowledge.From July of 2015 to February of 2016, three AceDeceiver iOS apps were uploaded to the official iOS App Store, posing as wallpaper apps

What You Need to Know About iOS Malware XcodeGhost

Earlier this week, Chinese developers disclosed new iOS malware called XcodeGhost on microblogging service Sina Weibo. U.S. cybersecurity firm Palo Alto Networks has since published details about the malware. MacRumors has created a FAQ so you can learn more about XcodeGhost and how to keep your iOS devices protected. What is XcodeGhost? XcodeGhost is a new iOS malware arising from a malicious version of Xcode, Apple's official tool for developing iOS and OS X apps. How is XcodeGhost distributed? A malicious version of Xcode was uploaded to Chinese cloud file sharing service Baidu and downloaded by some iOS developers in China. Chinese developers then unknowingly compiled iOS apps using the modified Xcode IDE and distributed those infected apps through the App Store. Those apps then managed to pass through Apple's code review process, enabling iOS users to install or update the infected apps on their devices. Which devices are affected? iPhone, iPad and iPod touch models running an iOS version compatible with any of the infected apps. The malware affects both stock and jailbroken devices. Which apps are affected? Palo Alto Networks has shared a full list of over 50 infected iOS apps, including WeChat, NetEase Cloud Music, WinZip, Didi Chuxing, Railway 12306, China Unicom Mobile Office and Tonghuashun. How many users are affected? XcodeGhost potentially affects more than 500 million iOS users, primarily because messaging app WeChat is very popular in China and the Asia-Pacific region. Which unofficial versions of Xcode are affected? All