It looks like iOS devices, as popular as they are, will need to go through yet another round of security checks, as there is a brand new iOS trojan which has been discovered, known as AceDeceiver. AceDeceiver is slick enough that it can even infect non-jailbroken iOS devices via PCs – and it does so without having to exploit an enterprise certificate.
AceDeceiver was discovered by Palo Alto Networks, and right now, it affects iOS users over in China. How does infection of the AceDeceiver work? For starters, it will take advantage of flaws in FairPlay, which is Apple’s digital rights management (DRM) system. Making use of the “FairPlay Man-in-the-Middle” technique, it spoofs authorization codes to get onto an iOS device.
From July of 2015 to February of 2016, there has been a trio of AceDeceiver iOS apps which have been uploaded to the official iOS App Store, where they seemed to be nothing but ordinary wallpaper apps, ensuring that attackers have a fake authorization code to exploit in the AceDeceiver attacks. You can read more about what AceDeceiver is all about here. Before Android users gloat, do not do so, as the Android platform has not been short of malware attacks and trojans prior to this.