Short Bytes: Researchers have found that hackers have stolen more than 250,000 valid Apple accounts using an iOS malware named KeyRaider. However, this threat only affects the jailbroken devices.
Recently, the researchers have identified about 92 samples of a new iOS malware family in the wild. They analysed the suspicious Apple iOS tweaks reported by users and found a numerous number of Apple accounts and passwords stored on a server. The KeyRaider iOS malware targets the jailbroken iOS phones and is spread using the widely popular Cydia app repositories. This app is used to download apps and manage the jailbroken iPhones.
According to the Palo Alto networks, this threat has impacted users from 18 countries that include the likes of France, Russia, USA, China, UK, Germany, Canada, Australia, Israel, Italy, Spain, Singapore, and South Korea. This iOS malware hooks system process through MobileSubstrate and takes away account usernames, passwords and GUID by listening to iTunes traffic on the device.
Palo Alto writes:
The malware was reported due to weirdly behaving App Store as after finding multiple unauthorised App Store purchases, a student from China noticed that one tweak was uploading data to an unknown database. Actually, the KeyRaider iOS malware has stolen this data and uploaded the data to its command and control (C2) server. This server itself contains flaws and exposes the information.
KeyRaider iOS malware can be used to buy apps and remotely lock an iOS device and ask for ransom.
It should be noted that this iOS malware only works in jailbroken devices and most of the users seem to be located in China. Thus, jailbreaking your iOS device could be a great way to bring new apps and icons, but it’s equally dangerous.
Are you using a jailbroken iOS device? Tell us in the comments below.