Apple’s mobile operating system just got a nasty bug.
Researchers from the cybersecurity firm Palo Alto Networks (PANW) said on Wednesday that they discovered new malware that can infect Apple iOS devices even if they aren’t jailbroken.
A jailbroken device generally refers to an iPhone or iPad that has been modified without approval by Apple so the user can install software and apps that aren’t available on the Apple App Store. Apple discourages its customers to jailbreak their devices and says that doing so puts the devices at greater risk of security vulnerabilities.
Get Data Sheet, Fortune’s technology newsletter.
The fact that the newly discovered malware, dubbed AceDeceiver, affects non-tampered iOS devices is noteworthy because it shows that hackers are “getting around Apple’s security measures,” the researchers explained. Although hackers are still primarily targeting Android devices, the researchers explained that they are turning their attention on iOS devices “because they are so widely popular.”
The latest danger coincides with a recent report on iOS malware attacks by the security firm Bit9 + Carbon Black that found that more malware affected iOS devices in 2015 than the previous five years combined. The good news is that AceDeceiver only affects users in China, at least so far.
Additionally, for the malware to spread to an iOS device, users must have mistakenly installed a corrupted program on their Windows-powered PC to help manage their iOS device. Instead of helping a user backup their iPhone, however, the program covertly installs “malicious apps on any iOS device that is connected to the PC,” the report said.
By exploiting a flaw in Apple’s Fairplay software that prevents purchased apps from being used on non-authorized devices, the bogus program scans the App Store for other corrupted apps in the AceDeceiver family and downloads the software to the device. These AceDeceiver-related apps then repeatedly asks users to enter their Apple IDs and passwords, which gives hackers access to private user information.
Even though Apple (AAPL) may have removed the bogus apps from the App Store, the authors claim that the corrupted Windows app is able to download fraudulent apps no longer hosted on the App Store.
The attackers use a hacking technique that exploits device and app authorization files they received from Apple when the fake apps were once on the App Store; these authorization files can then be used to trick an iOS device to think it’s downloading software from the App Store.
This so-called FairPlay Man-In-The-Middle attack “only requires these apps to have been available in the App Store once,” according to the report.
