Alert: Malware steals 225,000 Apple accounts


KeyRaider distributed through Chinese Cydia repositories.

A large number of Apple accounts belonging to users of jailbroken iOS devices appear to have been compromised by a new malware family dubbed KeyRaider.

Security vendor Palo Alto Networks, working with the Chinese company We iPhone Tech Team (WeipTech), said they had collected 92 samples of the iOS malware in the wild.

KeyRaider is distributed mainly via third-party Cydia repositories in China, which host iOS software not authorised by Apple, the researchers said.

Jailbreakers in China have been hit hardest by KeyRaider, but Palo Alto Networks noted that the malware has also struck users in 18 other countries, Australia included.

The malware steals users’ Apple account details: WeipTech found more than 225,000 valid Apple account logins on a server after analysing what it described as suspicious iOS tweaks.

Beyond the valid Apple accounts, KeyRaider is said to have harvested thousands of digital certificates, private encryption keys and App Store purchase receipts, and uploaded them to command-and-control servers in China.

The researchers said the malware was built so that users of two iOS jailbreak tweaks could download paid software and content from the official Apple App Store without paying for them, using the stolen credentials and receipts to do so.

KeyRaider goes beyond fraudulently obtaining apps with stolen credentials, however. Palo Alto noted that with a victim’s Apple account credentials in hand, attackers can control the device through the iCloud service and access its private data.

Some users reported that their devices had been locked and held to ransom, although the researchers did not say how much money the blackmailers demanded to unlock them.
