KeyRaider Malware Targets Jailbroken iPhones

1 Sep 2015

Hack Brief: Malware Hits 225,000 (Jailbroken, Mostly Chinese) iPhones.

The hack has hit 225,000 users from 18 countries including China, France, Russia, Japan, United Kingdom, United States, Canada, Germany, Australia, Israel, Italy, Spain, Singapore, and South Korea. In what’s being called the “largest known Apple account theft caused by malware,” security specialists Palo Alto Networks on Sunday released a report detailing a new form of iOS malware it’s calling “KeyRaider,” which is responsible for stealing the account information from over 225,000 Apple customers.

If you have jailbroken your iPhone and installed third-party tweaks, you might not be shocked—or at least shouldn’t be—to find that one of those rogue programs has been sharing your iTunes password with unsavory characters. The malware targets those with hacked, aka “jailbroken”, iOS devices, so it is not a significant threat to the millions of Apple account holders who have not made modifications to their device’s software.

The malware only affects jailbroken devices, but if you get pwned, hackers can not only peek at your password but also make App Store purchases without your permission. Some victims have already seen fraudulent charges on their accounts, where the criminals use the stolen account details to download premium apps for other devices. It can also send a notification message demanding a ransom directly, using the stolen certificate and private key, without going through Apple’s push server. Jailbreaking, for those unfamiliar with the term, is an activity that was more common in previous years, as it allowed Apple device owners to install otherwise unapproved apps and tweaks on their iOS devices. After someone installs the malware, which hides in packages of code that offer “tweaks” to the iPhone’s operating system, it is designed to intercept their iTunes log-in details and send them to a remote server.

Many of these jailbreak apps allowed users to personalize their iPhone with things like themes, widgets, launchers, different user interfaces and more. However, the activity has declined in popularity as Apple began to address some of the reasons users jailbroke their phones in the first place by adding officially approved customization options like Today widgets, dynamic wallpapers, improved multitasking, custom keyboards, and more. Because jailbreaking an iOS device means the user is routing around the built-in security protections, it can open them up to malware attacks like this one. KeyRaider doesn’t only steal Apple account user names, passwords and device GUIDs (device IDs); it also steals certificates and private keys used by the Apple Push Notification Service, and it prevents the infected iPhone or iPad from being unlocked either by passcode or through the iCloud service. Researchers arrived at these figures after WeipTech exploited a security vulnerability in KeyRaider’s database of stolen credentials to download the entire collection and examined the email addresses associated with those accounts.
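The mechanism described above (a malicious “tweak” package that is injected into the processes handling iTunes logins and push-notification certificates) suggests a simple triage check that a defender or researcher can run against a jailbroken device. The script below is an added example, not code from the article or from Palo Alto Networks or WeipTech. It assumes the MobileSubstrate convention that each tweak dylib under /Library/MobileSubstrate/DynamicLibraries/ has a companion .plist whose Filter dictionary lists the Bundles and Executables it injects into, and it assumes that itunesstored (App Store logins) and apsd (push notifications) are the daemons worth watching; the tweak names in the sample data are made up.

```python
"""Triage helper: read MobileSubstrate tweak filters from a jailbroken iOS
device and flag tweaks that inject into the App Store or push daemons.

Assumptions (not from the article): each dylib in
/Library/MobileSubstrate/DynamicLibraries/ has a companion .plist whose
"Filter" dict holds "Bundles" and/or "Executables" lists; "itunesstored"
handles Apple ID / iTunes logins and "apsd" handles push notifications.
"""
import plistlib
from pathlib import Path
from typing import Dict, List, Set, Tuple

# Processes that see Apple ID credentials and push certificates. A purely
# cosmetic tweak (themes, widgets, launchers) has no reason to hook these.
SENSITIVE_EXECUTABLES: Set[str] = {"itunesstored", "apsd"}
SENSITIVE_BUNDLES: Set[str] = {"com.apple.itunesstored"}

UNPARSABLE = "<unparsable plist>"

# Constructed sample filter plists (hypothetical tweak names, not real
# KeyRaider artifacts), keyed by file name as found in the directory.
SAMPLE_FILTERS: Dict[str, bytes] = {
    "ThemeTweak.plist": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Filter</key><dict>
    <key>Bundles</key><array><string>com.apple.springboard</string></array>
  </dict>
</dict></plist>""",
    "StoreHelper.plist": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Filter</key><dict>
    <key>Executables</key><array><string>itunesstored</string></array>
  </dict>
</dict></plist>""",
    "PushTweak.plist": b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>Filter</key><dict>
    <key>Bundles</key><array><string>com.apple.springboard</string></array>
    <key>Executables</key><array><string>apsd</string></array>
  </dict>
</dict></plist>""",
    "Broken.plist": b"this is not a property list",
}


def parse_filter(raw: bytes) -> Tuple[Set[str], Set[str]]:
    """Return (bundle ids, executable names) the tweak asks to be loaded into."""
    data = plistlib.loads(raw)
    flt = data.get("Filter", {}) if isinstance(data, dict) else {}
    return set(flt.get("Bundles", [])), set(flt.get("Executables", []))


def flag_tweaks(filters: Dict[str, bytes]) -> Dict[str, List[str]]:
    """Map each suspicious plist name to the sensitive targets it hooks.

    A plist that cannot be parsed is reported as well: a filter that
    tooling cannot read next to a loadable dylib deserves a manual look.
    """
    findings: Dict[str, List[str]] = {}
    for name, raw in filters.items():
        try:
            bundles, execs = parse_filter(raw)
        except Exception:  # plistlib raises several exception types on bad input
            findings[name] = [UNPARSABLE]
            continue
        hits = sorted((bundles & SENSITIVE_BUNDLES) | (execs & SENSITIVE_EXECUTABLES))
        if hits:
            findings[name] = hits
    return findings


def scan_directory(path: str) -> Dict[str, List[str]]:
    """Run the same check over every *.plist in a DynamicLibraries directory
    (for example one copied off the device over SSH)."""
    files = {p.name: p.read_bytes() for p in Path(path).glob("*.plist")}
    return flag_tweaks(files)


if __name__ == "__main__":
    for plist_name, targets in flag_tweaks(SAMPLE_FILTERS).items():
        print(f"{plist_name}: hooks {', '.join(targets)}")
```

Copy the DynamicLibraries directory off the device and point scan_directory at it. A hit is a lead rather than a verdict: some legitimate tweaks do hook the store daemon, so the next step is to check where the flagged package came from and what its dylib imports, not to delete it blindly.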

While it’s unnerving to realize that a hacker can buy apps with an unsuspecting user’s account, KeyRaider can also be used to remotely lock a device and hold it for ransom. Details of this hack were previously reported by the Chinese tech press in August, noting that with access to user account information, attackers could also acquire personal data, like emails, messages, documents, and photos. Many other victims use Chinese email domains, though some of the stolen account details also include American domains. This malware has infected a lot of users, but again, it only works on jailbroken phones. (Most of the affected users also appear to be located in China.) So if you haven’t jailbroken your iPhone, you should be fine.

Let this serve as yet another warning that jailbreaking your phone, however fun it makes changing around your app icons or installing bootleg apps or whatever, comes at a price. Perhaps you should take stock of your freewheeling, jailbroken lifestyle and consider coming back into Apple’s safe, comfortable prison with the rest of the iPhone flock. The malware is more of a concern in China, not only because of the way it was being distributed (through Chinese Cydia repositories), but also because many sellers in the country sell pre-jailbroken iPhones to customers.
