Malware steals 225,000 Apple accounts on jailbroken devices

By on
Malware steals 225,000 Apple accounts on jailbroken devices
KeyRaider in ransomware mode. Source: WeipTech/Palo Alto Networks.

KeyRaider distributed through Chinese Cydia repositories.

A large amount of Apple accounts on jailbroken iOS devices appear to have been compromised by a new malware dubbed KeyRaider.

Security vendor Palo Alto Networks together with Chinese company We iPhone Tech Team (WeipTech) said they had collected 92 samples of the iOS malware in the wild.

KeyRaider is distributed mainly via Chinese Cydia third-party iOS repositories of software not authorised by Apple, the researchers said.

While Chinese iOS jailbreakers have been hit by KeyRaider, Palo Alto networks noted that the malware has struck users in 18 other countries, Australia included.

The malware steals users' Apple account details - WeipTech discovered over 225,000 valid logins on a server after analysing what it said were suspicious iOS tweaks.

Apart from the valid Apple accounts, KeyRaider is said to have grabbed thousands of digital certificates, private encryption keys and software purchase receipts and uploaded them to command and control servers in China. 

The researchers said the malware was devised to make it possible for users of two iOS jailbreak tweaks to download software and content from the official Apple App Store - without paying for them.

KeyRaider goes beyond fraudulently obtaining apps through stolen user credentials, however. Palo Alto noted that with Apple account credentials captured, attackers are able to control devices through the iCloud service as well as obtain their private data.

Some users reported that their devices were locked and held to ransom, although the researchers did not say how much money the blackmailers demanded to unlock them.

Apart from changing Apple account passwords and enabling two-factor authentication, the researchers said users of jailbroken devices can install an OpenSSH server and connect to them using a command line terminal and grep (search) for the following strings in the /Library/MobileSubstrate/DynamicLibraries directory:

  • wushidou
  • gotoip4
  • bamu
  • getHanzi

If any of the dynamic library files in the directory contain the above strings, researchers suggested users delete them. Users are also advised to delete any plist files with the same name as the malicious dynamic library files, and reboot their devices.

The best precaution to avoid infection by KeyRaider and similar malware is not to jailbreak iPhones and iPads, the researchers said. Cydia repositories do not perform strict software security checks, they added, and warned they be used at users' own risk

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
applecydiaiosiphonejailbreakpalo alto networkssecurityweiptech

Sponsored Whitepapers

Free eBook: Digital Transformation 101 – for banks
Free eBook: Digital Transformation 101 – for banks
Why financial services need to tackle their Middle Office
Why financial services need to tackle their Middle Office
Learn: The latest way to transfer files between customers
Learn: The latest way to transfer files between customers
Extracting the value of data using Unified Observability
Extracting the value of data using Unified Observability
Planning before the breach: You can’t protect what you can’t see
Planning before the breach: You can’t protect what you can’t see

Events

Most Read Articles

Australian court finds insurer not liable for ransomware clean-up costs

Australian court finds insurer not liable for ransomware clean-up costs
NSW Police dumps Bezos-backed Mark43 from core systems overhaul

NSW Police dumps Bezos-backed Mark43 from core systems overhaul
Telstra deregisters 900MHz sites “hindering” Optus 5G rollout

Telstra deregisters 900MHz sites “hindering” Optus 5G rollout
ADHA extends Accenture's My Health Record support deal for $100m

ADHA extends Accenture's My Health Record support deal for $100m

Digital Nation

Australia will lose 11 percent of jobs to automation by 2040: Forrester
Australia will lose 11 percent of jobs to automation by 2040: Forrester
Metaverses on the agenda for Dominello, Husic ministerial meeting
Metaverses on the agenda for Dominello, Husic ministerial meeting
Criteo to fork out $94.7m for consent breaches
Criteo to fork out $94.7m for consent breaches
COVER STORY: How KPMG, Mirvac and ASX use blockchain to build trust in the property sector
COVER STORY: How KPMG, Mirvac and ASX use blockchain to build trust in the property sector
Domino’s invests in observability for zero contact delivery
Domino’s invests in observability for zero contact delivery

Log In

  |  Forgot your password?