Published On: Mon, Aug 31st, 2015

KeyRaider Malware Responsible For Possibly Largest Known Apple Account Theft To Date, Affecting 225,000 Users

Jailbreaking your iPhone has its downsides. In what's being called the "largest known Apple account theft caused by malware," security researchers at Palo Alto Networks on Sunday released a report detailing a new form of iOS malware it's calling "KeyRaider," which is responsible for stealing account information from over 225,000 Apple customers. The malware targets those with hacked – aka "jailbroken" – iOS devices, so it is not a significant threat to the millions of Apple account holders who have not made modifications to their device's software.

Jailbreaking, for those unfamiliar with the term, is an activity that was more common in prior years, as it allowed Apple device owners to install otherwise unapproved apps and tweaks on their iOS devices.

Many of these jailbroken apps allowed users to personalize their iPhone with things like themes, widgets, launchers, different user interfaces and more. However, the activity has declined in popularity as Apple began to address some of the reasons users jailbroke their phones in the first place by adding officially supported customization options like Today widgets, dynamic wallpapers, improved multitasking, custom keyboards, and more.

Because jailbreaking an iOS device means the user is routing around the built-in security protections, it can open them up to malware attacks like this one. For example, in the past, an attack called "Unflod" intercepted encrypted traffic to steal Apple passwords. Another attack called AppBuyer used a similar technique to steal passwords and purchase apps from the App Store.

However, the KeyRaider malware goes further.

It doesn't only steal Apple account user names, passwords and device GUIDs (device IDs); it also steals certificates and private keys used by the Apple Push Notification Service, and it prevents an infected iPhone or iPad from being unlocked, whether by passcode or by the iCloud service.

That has led to some users having their iPhone held for ransom in the wake of the malware's distribution.

The research into this latest malware was conducted by Palo Alto Networks along with the amateur technical group WeipTech, which is made up of users from the large Apple fan site Weiphone, based in China. The group had begun investigating reports that some users' Apple accounts were being used to make unauthorized purchases and install apps.

Details of this hack were previously reported by the Chinese tech press in August, noting that with access to user account information, attackers could also acquire personal data, like emails, messages, documents, and photos.

KeyRaider was distributed through third-party Cydia repositories in China, but impacted users from outside the country as well, including those from France, Russia, Japan, the United Kingdom, the United States, Canada, Germany, Australia, Israel, Italy, Spain, Singapore, and South Korea.

However, Palo Alto Networks tells us the majority of the infections are in China.

"We did identify e-mail addresses associated with many other countries, but they were a minority," Ryan Olson, intelligence director of Unit 42 at Palo Alto Networks, tells us.

He also says that Palo Alto can't definitively be certain this is the largest attack to date, since it's not always possible to quantify the size and scope of these hacks.

"Typically we don't find out how many credentials were stolen," Olson explains. "In this case, WeipTech was able to access the database of stolen credentials, which gave us a much better count than in prior events." Olson also adds that malware for iOS is not as common, but other data breaches have leaked info, as noted above.

People today might be most familiar with the celebrity photo iCloud attack, for example, which leaked private photos. But that attack was on a much smaller scale, affecting hundreds at best, and was based on phishing, not malware.


According to Palo Alto Networks, the KeyRaider malware has stolen over 225,000 valid Apple accounts and thousands of certificates, private keys, and purchasing receipts. The stolen information is uploaded to a command-and-control server that itself also has vulnerabilities.

The attack makes it possible for users of two iOS jailbreak tweaks to download applications from the App Store without paying. To date, the tweaks have been downloaded over 20,000 times, which means that around that number of users have been abusing the account information from the 225,000 stolen credentials.

The malware is more of a concern in China, not only because of the way it was being distributed (through Chinese Cydia repositories), but also because many sellers in the country sell pre-jailbroken iPhones to customers.

In other words, KeyRaider is not an issue that affects a broad portion of the iOS user base. Apple had a reported 885 million iTunes accounts as of a year ago, so 225,000 affected people is a very small percentage of Apple account holders. But the malware's existence does show there could be potential problems ahead as Apple's presence in the Chinese market grows.

We reached out to Apple for comment, and will update if one is provided.
