KeyRaider iOS Malware Affects Jailbroken iOS Devices

KeyRaider Malware For iOS

According to a new report, a new iOS malware called KeyRaider has stolen around 225,000 Apple accounts from jailbroken iPhones. The malware was found by the security research company Palo Alto Networks, which describes it as “one of the largest known thefts of its kind”.

The purpose of this attack was to make it possible for users of two iOS jailbreak tweaks to download applications from the official App Store and make in-app purchases without actually paying. The malware has affected over 225,000 users throughout the world, including in China, France, Russia, Japan, the United Kingdom, the United States, Canada, Germany, Australia, Israel, Italy, Spain, Singapore, and South Korea. KeyRaider spreads through Cydia, the popular app that makes it easier not only to manage installed apps on a jailbroken handset, but also to access and install apps not available in the App Store.

The malware collects a number of other items in addition to Apple ID usernames and passwords. It also targets the device’s unique identifier (GUID), along with the security certificates and private keys for the Apple push notification service, as well as App Store purchase data. Once installed, the malware can also disable the ability to unlock the iOS device, a capability that has been used to hold devices for ransom.

It can locally disable any kind of unlocking operation, regardless of whether the correct passcode or password has been entered. It can also send a notification message demanding a ransom directly, using the stolen certificate and private key, without going through Apple’s push server. Because of this functionality, some of the previously used “rescue” methods are no longer effective.

The purpose of the malware is not only to steal your credentials, but also to allow users of the tweaks to make purchases from the Apple App Store without paying. It uses the stolen credentials to impersonate legitimate users in App Store purchase requests.

To date, the malware has recorded over 20,000 downloads, which means that roughly that number of users have been abusing the account information from the 225,000 stolen credentials.

The malware is of greater concern in China, not only because of the way it was distributed (through Chinese Cydia repositories), but also because many sellers in the country sell pre-jailbroken iPhones to customers.

According to Palo Alto Networks’ report, this malware works only on jailbroken devices, which means your Apple account is likely fine if you have not jailbroken an iOS device. Even if you have jailbroken your device, KeyRaider requires you to install an app from a third-party Cydia repository, and it is likely that many of you have not done that either.

If you think you might be one of the 225,000 people affected by the hack, you can use this site – WeipTech.org (it is in Chinese, so use Google Translate) – to check whether your jailbroken device has been compromised.

Source: Palo Alto

Author: Haridas Gowra
