Pirated iOS App Store's Client Successfully Evaded Apple iOS Code Review

Unit 42

Apple's mandatory App Store review policy has become one of the most important mechanisms in the iOS security ecosystem for protecting the privacy and security of iOS users. This post discusses our findings about an app that evaded that review, and the potential security risks to iOS device users.

This app was a complex, fully functional third-party App Store client for iOS users in mainland China. We also discovered enterprise-signed versions of this application elsewhere in the wild. We have not identified any malicious functionality in this app, so we classified it as riskware and named it ZergHelper.

For users outside of China, it would act as what it claimed to be, an app for studying English. When accessed from mainland China, its real features would appear. The app was made available in the App Store on October 30. We shared our findings with Apple on February 19, and Apple removed the app from the App Store later that day.

In addition to its abuse of enterprise certificates, this riskware used some new and novel approaches to install apps on non-jailbroken devices. The app automatically sent some device information to a server for statistics tracking. The authors appear to have been using the Lua scripting language to make the app more extensible. We also identified over 50 ZergHelper apps signed by enterprise certificates.

These apps were spread by the authors through different channels. ZergHelper was designed to be installed in this way:

1. The ZergHelper authors compiled it with their own risky code embedded.
2. The official website guides users to download ZergHelper from the App Store.
3. When the app launched, it would connect to the URL interface[. The web page was configured to return a not-found error if the request came from an IP address outside mainland China.

In that case, the app would only display an English-study interface (left of Figure 5); no other functionality was provided to users in these regions. The app provides different functionality based on the result of this HTTP request, so users in different locations see different interfaces. Anyone not located in mainland China, App Store reviewers included, would see only a legitimate-looking app.

For users in China, the different user interfaces shown at right of Figure 5 would appear. Note that the device enrollment challenge is used to enroll the device in a related MDM (Mobile Device Management) system: the app asks the user to install two profiles signed by a certificate issued by GoDaddy. The app then offers direct installation of a large number of iOS apps and games to the device, with pages for hot apps, hot games, top-grossing apps and so on.

The only difference is that all apps and games offered by ZergHelper are free, which means they are likely pirated versions of the legitimate apps. In the settings tab, for devices using pre The password would be remembered by the app. We have not identified where these Apple IDs came from.

Each of these capabilities could be used to spread pirated or cracked iOS apps. Among the functionality implemented in the app is code to purchase an app by simulating the iTunes protocol.

Simulate Xcode to Apply for a Personal Development Certificate

The most surprising approach to installing apps on non-jailbroken devices is how ZergHelper abused free personal development certificates. Previously, Apple only offered iOS development certificates to registered developers who paid an annual fee. Such a certificate is necessary to sign an app and run it on a physical device.

From June, Apple began to provide a new program that allows anyone with an Apple ID to obtain a development certificate for free. The functionality has been built into Xcode since version 7. There are limits on the number of iOS devices that can be authorized to use each certificate. People had previously worried that the free certificates might be abused to install pirated apps, and ZergHelper shows that abuse in a wide-ranging and automated way: it simulates Xcode to apply for a personal development certificate and, using that certificate, can sign other iOS apps on the device itself and then install them.

In the same week that we were analyzing ZergHelper, we observed someone selling source code for a Windows client with related capabilities. The information was posted on a well-known Chinese security forum on February 19 and was deleted later that month.

Figure: The deleted forum post offering the related source code for sale.

We have not reverse-engineered the Windows client.

As far as we know, the purpose is to make the Windows client behave like iTunes and trick the iOS device into believing an iOS app has been authorized through the PC. This attack technique has been in use by some tools for years. Compared with previous malware, the main difference in ZergHelper is that it not only downloads an itms-services manifest plist from its C2 server but can also open a local port to serve and install some apps on the device itself.
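To make the itms-services mechanism concrete, here is an added example (not code from the original post or from ZergHelper) that builds the OTA manifest plist iOS expects, produces the install link Safari is handed, and, for analysis, pulls the manifest URL back out of such a link and flags a package served from the device's own loopback address, which is the shape of the local-port installer described above. The bundle identifier, host names and URLs are made up.

```python
"""Model of the itms-services over-the-air install flow.

Added example, not code from the original post or from ZergHelper.
The bundle id, host names and URLs are made up for illustration.
"""
import plistlib
from typing import List, Optional
from urllib.parse import parse_qs, quote, urlparse


def build_manifest(ipa_url: str, bundle_id: str, version: str, title: str) -> bytes:
    """Return the XML manifest plist that iOS fetches behind an
    itms-services://?action=download-manifest&url=<manifest> link."""
    manifest = {
        "items": [{
            "assets": [{"kind": "software-package", "url": ipa_url}],
            "metadata": {
                "bundle-identifier": bundle_id,
                "bundle-version": version,
                "kind": "software",
                "title": title,
            },
        }]
    }
    return plistlib.dumps(manifest)


def install_link(manifest_url: str) -> str:
    """The link an installer page hands to Safari (manifest URL percent-encoded)."""
    return "itms-services://?action=download-manifest&url=" + quote(manifest_url, safe="")


def manifest_url_from_link(link: str) -> Optional[str]:
    """Inverse of install_link, as a proxy-log or sandbox analyser would use it."""
    u = urlparse(link)
    if u.scheme != "itms-services":
        return None
    q = parse_qs(u.query)
    if q.get("action") != ["download-manifest"] or not q.get("url"):
        return None
    return q["url"][0]


def inspect_manifest(data: bytes) -> List[dict]:
    """Parse a manifest and flag what an analyst cares about: where the
    .ipa really comes from, and whether it is served from the device itself
    (a loopback host) rather than from a remote server."""
    findings = []
    for item in plistlib.loads(data).get("items", []):
        meta = item.get("metadata", {})
        for asset in item.get("assets", []):
            if asset.get("kind") != "software-package":
                continue
            url = urlparse(asset.get("url", ""))
            findings.append({
                "bundle_id": meta.get("bundle-identifier"),
                "package_url": asset.get("url"),
                "served_locally": (url.hostname or "") in ("127.0.0.1", "localhost", "::1"),
                "plain_http": url.scheme == "http",
            })
    return findings


if __name__ == "__main__":
    # Constructed: a manifest pointing at an installer listening on the device.
    m = build_manifest("http://127.0.0.1:8080/app.ipa", "com.example.demo", "1.0", "Demo")
    print(inspect_manifest(m))
    print(install_link("https://cdn.example.com/demo.plist"))
```

When triaging a sample, the useful output is the package URL: a loopback host means the app ships its own installer, and an unexpected remote host tells you where the signed payloads are actually hosted.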

This feature may have been designed for apps signed by personal certificates. The authors also developed other versions, all signed by different enterprise certificates. These versions were distributed through different channels and could be installed on non-jailbroken devices. We found over 50 ZergHelper samples signed by nine different enterprise certificates.

Figure: One of the enterprise certificates used to sign ZergHelper.
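The two signing routes discussed above, free personal development certificates and enterprise certificates, leave different fingerprints in the provisioning profile embedded in an app. The following added example (not from the original post) carves the plist out of an embedded.mobileprovision and classifies it as enterprise, development, ad hoc or App Store, counts the authorized devices, and flags a development profile whose lifetime matches a free "Personal Team" profile. The 7-day lifetime and the string indicators are assumptions stated in the code; the three sample profiles are constructed, with made-up team identifiers and device UDIDs, and no signature is verified.

```python
"""Triage an embedded.mobileprovision: enterprise, development (possibly a
free "Personal Team" profile), ad hoc, or App Store?

Added example, not from the original post. A profile is a CMS/PKCS#7 blob
wrapping an XML plist; this carves the plist out without verifying Apple's
signature (use `security cms -D -i <profile>` on macOS for that). The three
sample profiles are constructed, with made-up team IDs and device UDIDs.
"""
import plistlib
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumption used as a heuristic: Xcode 7 "Personal Team" (free) profiles
# are issued for 7 days, far shorter than paid developer profiles.
FREE_TEAM_MAX_DAYS = 7


def extract_plist(blob: bytes) -> dict:
    """Carve the XML plist out of the CMS envelope."""
    start = blob.find(b"<?xml")
    end = blob.find(b"</plist>", start)
    if start < 0 or end < 0:
        raise ValueError("no embedded plist found in profile")
    return plistlib.loads(blob[start:end + len(b"</plist>")])


def classify_profile(blob: bytes, now: Optional[datetime] = None) -> dict:
    p = extract_plist(blob)
    now = now or datetime.now(timezone.utc).replace(tzinfo=None)
    entitlements = p.get("Entitlements", {})
    devices = p.get("ProvisionedDevices")
    if p.get("ProvisionsAllDevices"):
        kind = "enterprise"      # in-house distribution: any device, no UDID list
    elif devices is not None:
        # UDID-restricted; get-task-allow (debuggable) marks a development profile
        kind = "development" if entitlements.get("get-task-allow") else "ad-hoc"
    else:
        kind = "app-store"
    created, expires = p["CreationDate"], p["ExpirationDate"]
    days_valid = (expires - created).days
    return {
        "name": p.get("Name"),
        "team": (p.get("TeamIdentifier") or [None])[0],
        "kind": kind,
        "device_count": len(devices) if devices is not None else None,
        "days_valid": days_valid,
        "expired": expires < now,
        "suspected_free_team": kind == "development" and days_valid <= FREE_TEAM_MAX_DAYS,
    }


def _fake_profile(**fields) -> bytes:
    """Wrap a plist in filler bytes to imitate the CMS envelope (constructed)."""
    return b"\x30\x82\x00\x00" + plistlib.dumps(fields) + b"\x00" * 8


_T0 = datetime(2016, 2, 19)
SAMPLE_ENTERPRISE = _fake_profile(
    Name="InHouse Distribution", TeamIdentifier=["ENT0000001"],
    ProvisionsAllDevices=True, Entitlements={"get-task-allow": False},
    CreationDate=_T0, ExpirationDate=_T0 + timedelta(days=365))
SAMPLE_FREE_DEV = _fake_profile(
    Name="iOS Team Provisioning Profile: *", TeamIdentifier=["PERS000001"],
    ProvisionedDevices=["00000000-0000000000000001", "00000000-0000000000000002"],
    Entitlements={"get-task-allow": True},
    CreationDate=_T0, ExpirationDate=_T0 + timedelta(days=7))
SAMPLE_APPSTORE = _fake_profile(
    Name="Store", TeamIdentifier=["STOR000001"], Entitlements={"get-task-allow": False},
    CreationDate=_T0, ExpirationDate=_T0 + timedelta(days=365))

if __name__ == "__main__":
    for blob in (SAMPLE_ENTERPRISE, SAMPLE_FREE_DEV, SAMPLE_APPSTORE):
        print(classify_profile(blob))
```

Run over a corpus of samples, the team identifier is the pivot: the nine enterprise certificates mentioned above would show up as nine distinct enterprise teams, while apps side-loaded with free certificates show up as many short-lived development profiles, each listing only a handful of devices.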

Previously, some malware has made it into the App Store; the most recent cases are XcodeGhost and InstaAgent. Compared with those, ZergHelper has a far richer user interface and significantly more suspicious code characteristics, yet it demonstrates new techniques that evade Apple reviewer scrutiny.

Enterprise Certificate

Since WireLurker, more malware and evasive applications have been installed on iOS by abusing enterprise certificates. The biggest risk around this issue is the combination of an enterprise certificate and private APIs.

ZergHelper took another step by automatically generating development certificates for free. This is concerning because abuse of these certificates may be the first step toward future attacks. Some attackers ransom stolen Apple IDs or phish for them, and the value of Apple IDs only continues to grow given the amount of private data stored in iCloud and on iPhones and iPads.

Code Dynamic Loading

Apple requires every update to an App Store app to be reviewed again before publishing. For ZergHelper, each re-review increases the chance of exposure. The authors appear to have tried to solve this problem with a scripting language: a Lua plugin is loaded and executed when the app first launches.

Through the wax library, this script can invoke many methods in the Objective-C runtime.

Figure: Lua plugin in ZergHelper.

Apple disallows iOS apps from dynamically loading new code or updating themselves. This is an important and useful security mechanism that mitigates the risk of some kinds of vulnerabilities and some malware. However, frameworks or SDKs like wax provide a way around the restriction. Considering how easy it is to write code in these languages, and how hard it is to analyze or detect, we expect this approach to be adopted by more malware and PUAs on every popular platform; for example, the Android Trojan Xbot we recently revealed used JavaScript to implement part of its core functionality.
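A scripting bridge like wax is hard to spot in review but easy to spot in triage, because the runtime has to ship inside the binary and the scripts have to ship inside the bundle. The following added example (not code from the original post or from ZergHelper) scans an .ipa for Mach-O executables containing Lua/wax runtime strings and for script files in the bundle, and reports when both are present. The two IPAs are built in memory and are constructed; the string indicators are what I would expect from the Lua runtime and the wax bridge and are an assumption to tune against real samples.

```python
"""Triage an .ipa for an embedded scripting runtime (Lua via the wax
bridge) that would let the app load code after App Store review.

Added example, not from the original post. Both IPAs are constructed in
memory; the string indicators are assumptions, not values from the post.
"""
import io
import plistlib
import zipfile
from typing import Dict, List, Optional

SCRIPT_EXTENSIONS = (".lua", ".luac")
MACHO_MAGICS = (b"\xce\xfa\xed\xfe", b"\xcf\xfa\xed\xfe",  # MH_MAGIC / MH_MAGIC_64 (little-endian)
                b"\xca\xfe\xba\xbe")                          # FAT_MAGIC
# Assumed indicators: Lua C API entry points and wax bridge symbols.
RUNTIME_MARKERS = [b"luaL_newstate", b"lua_pcall", b"luaL_loadbuffer",
                   b"wax_instance", b"wax_start", b"waxClass"]


def _is_macho(data: bytes) -> bool:
    return data[:4] in MACHO_MAGICS


def scan_ipa(ipa: bytes) -> Dict[str, object]:
    """Walk the Payload/ tree: collect script files, and count runtime
    markers inside every Mach-O image (main binary and frameworks)."""
    scripts: List[str] = []
    markers: Dict[str, int] = {}
    binaries: List[str] = []
    with zipfile.ZipFile(io.BytesIO(ipa)) as z:
        for name in z.namelist():
            if not name.startswith("Payload/") or name.endswith("/"):
                continue
            if name.lower().endswith(SCRIPT_EXTENSIONS):
                scripts.append(name)
                continue
            data = z.read(name)
            if _is_macho(data):
                binaries.append(name)
                for marker in RUNTIME_MARKERS:
                    n = data.count(marker)
                    if n:
                        key = marker.decode()
                        markers[key] = markers.get(key, 0) + n
    return {
        "binaries": binaries,
        "scripts": scripts,
        "markers": markers,
        # Verdict: a script runtime in the code and scripts shipped beside it.
        "loads_code": bool(markers) and bool(scripts),
    }


def _make_ipa(app: str, binary: bytes, extras: Optional[Dict[str, bytes]] = None) -> bytes:
    """Build a minimal IPA in memory (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        base = f"Payload/{app}.app/"
        z.writestr(base + "Info.plist", plistlib.dumps({"CFBundleExecutable": app}))
        z.writestr(base + app, binary)
        for rel, content in (extras or {}).items():
            z.writestr(base + rel, content)
    return buf.getvalue()


# Constructed samples: a plain Objective-C app, and one carrying a Lua runtime plus a script.
CLEAN_IPA = _make_ipa(
    "Study", b"\xcf\xfa\xed\xfe" + b"\x00" * 32 + b"_OBJC_CLASS_$_ViewController\x00")
SUSPICIOUS_IPA = _make_ipa(
    "Helper",
    b"\xcf\xfa\xed\xfe" + b"\x00" * 32 + b"luaL_newstate\x00lua_pcall\x00wax_instance\x00",
    {"scripts/update.lua": b'waxClass{"Hook", NSObject}\nfunction Hook:run() end\n'},
)

if __name__ == "__main__":
    print(scan_ipa(CLEAN_IPA))
    print(scan_ipa(SUSPICIOUS_IPA))
```

Scripts fetched at runtime rather than shipped in the bundle will not show up as files, so the marker count on its own is still worth surfacing; a Lua state in an app that has no business interpreting scripts is the thing to ask questions about.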

Conclusion

ZergHelper logs in to an Apple server using Apple IDs of unknown origin to perform many operations in the background. Its authors are trying to extend its capabilities by dynamically updating its code, which could further bypass iOS security restrictions. It uses some novel techniques that are sensitive and risky, techniques that could be used by other malware to attack the iOS ecosystem.

We would also like to thank the author of Surge for creating such an awesome tool, which greatly helped our analysis of ZergHelper.


