
Jailbroken iOS Devices Vulnerable to KeyRaider Malware

The new strain of malware has stolen more than 225,000 Apple IDs from jailbroken iDevices.

By Stephanie Mlot
September 1, 2015

Did you jailbreak your iPhone? Beware of KeyRaider.

According to researchers at Palo Alto Networks, KeyRaider malware has stolen more than 225,000 Apple IDs from jailbroken iOS devices.

"We believe this to be the largest known Apple account theft caused by malware," the company said.

KeyRaider is primarily distributed via third-party Cydia repositories in China, but may have impacted users from 18 countries, including the U.S., Canada, the U.K., France, Russia, Japan, Germany, Australia, Israel, Italy, Spain, Singapore, and South Korea.

Palo Alto Networks worked with WeipTech, an amateur technical group made up of users from Weiphone, one of China's largest Apple fan sites. They started investigating over the summer, after users of jailbroken iOS devices reported unauthorized purchases in their Apple accounts.

As it turns out, the malware intercepts iTunes traffic to steal Apple usernames, passwords, and device GUIDs (Globally Unique Identifiers), as well as push notification service certificates and private keys. It also shares purchasing information, and can disable local and remote unlocking functionalities on iPhones and iPads, leaving users helpless to stop the crime.

As of Sunday, KeyRaider had stolen a reported 225,000-plus valid Apple IDs, which hackers use to impersonate users in App Store purchase requests. The malware, according to Palo Alto Networks, is linked to two other jailbreak tweaks that let users download paid iTunes apps for free.

WeipTech created a database of stolen Apple IDs so people can check if theirs is among them. But the group warned that it was only able to snag about half of the list before the hackers locked them out, so you might still be at risk if your information is not there (that data was turned over to Apple on Aug. 26). Palo Alto, however, has another way to check if your device is at risk on its blog post. Non-jailbroken devices are not affected.

"Our primary suggestion for those who want to prevent KeyRaider and similar malware is to never jailbreak your iPhone or iPad if you can avoid it," Palo Alto Networks said in a blog post. "Use all Cydia repositories at your own risk."

Folks are encouraged to change Apple account passwords after removing the malware, and enable two-factor authentication for Apple IDs.

About Stephanie Mlot

Contributor

Stephanie Mlot

B.A. in Journalism & Public Relations with minor in Communications Media from Indiana University of Pennsylvania (IUP)

Reporter at The Frederick News-Post (2008-2012)

Reporter for PCMag and Geek.com (RIP) (2012-present)
