Here is a news that might worry you if you recently jailbroke your iPhone. The research team at Palo Alto networks and WeipTech have unveiled a new iOS malware named KeyRaider that has helped the hackers to steal 250,000 valid Apple accounts. This iOS malware heist is the largest of its kind.
Recently, the researchers have identified about 92 samples of a new iOS malware family in the wild. They analysed the suspicious Apple iOS tweaks reported by users and found a numerous number of Apple accounts and passwords stored on a server. The KeyRaider iOS malware targets the jailbroken iOS phones and is spread using the widely popular Cydia app repositories. This app is used to download apps and manage the jailbroken iPhones.
According to the Palo Alto networks, this threat has impacted users from 18 countries that include the likes of France, Russia, USA, China, UK, Germany, Canada, Australia, Israel, Italy, Spain, Singapore, and South Korea. This iOS malware hooks system process through MobileSubstrate and takes away account usernames, passwords and GUID by listening to iTunes traffic on the device.
Palo Alto writes:
The malware was reported due to weirdly behaving App Store as after finding multiple unauthorised App Store purchases, a student from China noticed that one tweak was uploading data to an unknown database. Actually, the KeyRaider iOS malware has stolen this data and uploaded the data to its command and control (C2) server. This server itself contains flaws and exposes the information.
KeyRaider iOS malware can be used to buy apps and remotely lock an iOS device and ask for ransom.
It should be noted that this iOS malware only works in jailbroken devices and most of the users seem to be located in China. Thus, jailbreaking your iOS device could be a great way to bring new apps and icons, but it’s equally dangerous