iOS researchers from WeipTech and Palo Alto Networks have discovered over 225,000 valid Apple accounts, including their passwords, stored on a server, while analyzing various unusual iOS tweaks that have been reported by users of jailbroken Apple devices.
The theft was possible because of a piece of iOS malware called "KeyRaider," which appears to be distributed in third-party Cydia repositories located on some servers in China. The hack works by hooking system processes through the MobileSubstrate component and intercepting network traffic via the iTunes software, stealing device GUID (Globally Unique Identifier) as well as Apple IDs and passwords.
Additionally, it looks like the KeyRaider iOS malware also steals purchasing information from your App Store account, Apple push notification service private keys and certificates. According to the respective researchers, the stolen Apple accounts are from approximately 18 countries, including United States, China, Japan, United Kingdom, Russia, Australia, Israel, South Korea, Singapore, France, Canada, Germany, Spain, and Italy.
"In cooperation with WeipTech, we have identified 92 samples of a new iOS malware family in the wild. We have analyzed the samples to determine the author’s ultimate goal and have named this malware 'KeyRaider.' We believe this to be the largest known Apple account theft caused by malware," wrote the researchers in a blog post.
The theft was possible because of a piece of iOS malware called "KeyRaider," which appears to be distributed in third-party Cydia repositories located on some servers in China. The hack works by hooking system processes through the MobileSubstrate component and intercepting network traffic via the iTunes software, stealing device GUID (Globally Unique Identifier) as well as Apple IDs and passwords.
Additionally, it looks like the KeyRaider iOS malware also steals purchasing information from your App Store account, Apple push notification service private keys and certificates. According to the respective researchers, the stolen Apple accounts are from approximately 18 countries, including United States, China, Japan, United Kingdom, Russia, Australia, Israel, South Korea, Singapore, France, Canada, Germany, Spain, and Italy.
"In cooperation with WeipTech, we have identified 92 samples of a new iOS malware family in the wild. We have analyzed the samples to determine the author’s ultimate goal and have named this malware 'KeyRaider.' We believe this to be the largest known Apple account theft caused by malware," wrote the researchers in a blog post.
