More than 225,000 Apple accounts were discovered to be stolen by new iOS malware known as “KeyRaider.” According to Palo Alto Networks, KeyRaider is now responsible for the largest known Apple account theft ever caused by malware.
The KeyRaider malware targeted “jailbroken” iOS devices and was distributed through Cydia, a third-party repositories company located in China. The following 18 countries were affected by the Keyraider malware: United States, United Kingdom, Japan, Russia, France, China, Canada, Germany, Australia, Israel, Italy, Spain, Singapore and South Korea.
Basically, jailbreaking means freeing the device from the restrictions imposed on it by its creator. Users install a software application on their computer, and then transfer it to their iPhone, where it essentially “breaks open” the device’s file system, thus allowing the user to modify it as they see fit.
The way the malware operates is by hooking the iOS system process through MobileSubstrate, allowing hackers to steal Apple account usernames, passwords and device GUID by ways of intercepting iTunes traffic. Once KeyRaider has set itself up, it can push notification service certificates, private keyes, App Store purchasing information and even disable local and remote unlocking functionalities on the device. KeyRaider then uploads the user’s stolen data to its command control (C2) server.
Since the KeyRaider malware attack, impacted users have reported unusual app purchasing history, as well as claims that their iOS devices have been held for ransom and cannot be accessed. Symantec, a cybersecurity firm, said that any user willing to jailbreak their iOS device in order to download free apps and music takes a huge risk considering security updates cannot be performed on a jailbroken device.
“Third-party app stores often don’t have the same controls and policies in place when it comes to the software they distribute,” Symantec said “and may be used to harbour malicious copies of well-known apps or other malware.”
Pal Alto Networks suggests consumers never jailbreak their device unless they are willing to put their personal information in danger of theft.