iPhone malware KeyRaider stole thousands of Apple logins

1 Sep 2015 | Author: | No comments yet »

Hack Brief: Malware Hits 225,000 (Jailbroken, Mostly Chinese) iPhones.

With a track record of practically zero mass malware infections in its eight-year history, the iPhone is a remarkably secure little computer. The hack has hit 225,000 users from 18 countries including China, France, Russia, Japan, United Kingdom, United States, Canada, Germany, Australia, Israel, Italy, Spain, Singapore, and South Korea.The security credentials for more than 225,000 Apple accounts, including some in Australia, have been stolen by malware known as ‘KeyRaider’ according to a global security firm.

In what’s being called the “largest known Apple account theft caused by malware,” security specialists Palo Alto Networks on Sunday released a report detailing a new form of iOS malware it’s calling “KeyRaider,” which is responsible for stealing the account information from over 225,000 Apple customers. In that case, you might not be shocked—or at least shouldn’t be—to find that one of those rogue programs has been sharing your iTunes password with unsavory characters.

The malware targets those with hacked – aka “jailbroken” – iOS devices, so is not a significant threat to the millions of Apple account holders who have not made modifications to their device’s software. The malware only affects jailbroken devices, but if you get pwned, hackers can not only peek your password but also make App Store purchases without your permission. Some victims have already seen fraudulent charges on their accounts – where the criminals use account details to download premium apps for other devices. ‘Also, it can send a notification message demanding a ransom directly using the stolen certificate and private key, without going through Apple’s push server. Jailbreaking, for those unfamiliar with the term, is an activity that was more common in previous years as it allowed Apple device owners to install otherwise unapproved apps and tweaks on their iOS devices. The malware uploads stolen data to its command and control (C2) server, which itself contains vulnerabilities that expose user information.” It is suspected that user ‘mischa07’ is the culprit – Mr Xiao said some of the tweaks mischa07 uploaded have been downloaded tens of thousands of times. “Our primary suggestion for those who want to prevent KeyRaider and similar malware is to never jailbreak your iPhone or iPad if you can avoid it,” Mr Xiao said. “At this point in time, there aren’t any Cydia repositories that perform strict security checks on apps or tweaks uploaded to them.

After someone installs the malware, which hides in packages of code that offer “tweaks” to the iPhone’s operating system, it’s designed to intercept their iTunes log-in details and send them to a remote server. Many of these jailbroken apps allowed users to personalize their iPhone with things like themes, widgets, launchers, different user interfaces and more. Because jailbreaking an iOS device means the user is routing around the built-in security protections, that can open them up to malware attacks like this. Researchers came to this conclusion after WeipTech exploited a security vulnerability in the KeyRaider’s database of stolen credentials to download the entire collection and examined the email addresses associated with those accounts. While it’s unnerving to realize that a hacker can buy apps with unsuspecting users account, KeyRaider can also be used to remotely lock a device and hold them for ransom.

Details of this hack were previously reported by Chinese tech press in August, noting that with access to user account information, attackers could also acquire personal data, like emails, messages, documents, and photos. Other victims use Chinese domains like sina.com, 163.com and 139.com, though some stolen account details also include American domains like hotmail.com. This malware has infected a lot of users, but again, it only works on jailbroken phones. (Most of the affected users also appear to be located in China.) So if you haven’t jailbroken your iPhone, you should be fine. Let this serve as yet another warning that jailbreaking your phone might make it fun to change around your app icons or install bootleg apps or whatever. Then, perhaps, you should take stock of your freewheeling, jailbroken lifestyle, and consider coming back into Apple’s safe, comfortable prison with the rest of the iPhone flock.

The malware is more of a concern in China, not only because of the way it was being distributed (through Chinese Cydia repositories), but also because many sellers in the country sell pre-jailbroken iPhones to customers.

Here you can write a commentary on the recording "iPhone malware KeyRaider stole thousands of Apple logins".

* Required fields
All the reviews are moderated.
Twitter-news
Our partners
Follow us
Contact us
Our contacts

dima911@gmail.com

ICQ: 423360519

About this site