Rules for pre-moderation of apps on the App Store for a long time compelled to consider the Apple store an impregnable fortress, particularly against the background of the situation faced by Google Play. However, in September already was an unpleasant Wake-up call, but in the attack were involved already existing popular apps that, apparently, have weakened the vigilance of the censors.
This time it became known at once about three got into the App Store family of Trojans AceDeceiver, for the first time using for the distribution technique of “FairPlay Man-In-The-Middle” (until now it was actively used to install pirated apps on iOS devices without jailbreaking). Curiously, all the Trojans pretended to be collections of Wallpapers and repeatedly passed moderation Apple. Moreover, as noted by Bugtraq, the fact of their removal from the App Store already does not affect the possibility of carrying out the attacks – it is enough that they’ve already been there.
The idea of the attack is based on intercepting queries FairPlay, which allows you to buy apps from the App Store in the desktop version of iTunes. Obtained authorization code is then transmitted to the device to confirm the fact of purchase. During the attack code is received using the optional client application that simulates the behavior of iTunes, which allows you to cheat your connected iOS device and install any application without the user’s knowledge.
In this case the role of the helper applications Helper played Aisi, popular Chinese client that provides management of iOS devices, jailbreak, backup, and install pirated apps from unofficial app store even on devices without jailbreak.
Trojan AceDeciver could work as a collection of Wallpaper, and as the customer of a third-party App Store. In the latter case, he actively lured the user Apple ID password and send data to the server creators. A small consolation may be the fact that in this particular case, the attacking mode enabled for only users in mainland China.