Hackers use KeyRaider malware to hack 225,000 iPhones
Hackers use malware to hack 225,000 iPhone accounts
If you have a jailbroken iPhone you might be regretting it by now. Recently, Apple iPhone accounts have become compromised by new malware called “KeyRaider” that only targets jailbroken iPhones and security company Palo Alto Networks are calling the attack “the largest known Apple account theft caused by malware.” Palo Alto Networks, or PANW for short, discovered the hack along with Chinese tech group WeipTech.
Jail-breaking allows iPhone owners to access parts of a phone’s file systems that are otherwise restricted for security reasons. For example, a jailbroken iPhone can be used to play games outside the perspective. But it also bypasses some important barriers Apple puts in place to prevent these kind of attacks from happening.
“Users … need to consider carefully if the additional functionality is worth the additional risk,” said Nicko Van Someren, chief technology officer of mobile security company Good Technology.
KeyRaider malware is primarily found on dubious Chinese websites and applications that claim to provide software for jailbroken iPhones. But the malware has spread been spreading far beyond China, showing up in 18 countries across the globe, including the United States.
Once a jailbroken iPhone is infected with the KeyRaider malware, the jailbroken iPhone will give up all of its owner’s iTunes App Store information to the hackers, including the Apple (AAPL, Tech30) account username, password and the iPhone’s unique ID. The malware also steals all the information about the owner’s App Store purchases and prevents people from recovering their phones once they’ve been hijacked.
With this stolen information hackers have been doing several things to gain revenue. They have uploaded software that lets other people purchase iTunes apps for “free,” using the victims’ accounts. About 20,000 people have downloaded the software that lets them steal from the 225,000 affected iPhone owners.
Palo Alto Networks said victims have also reported that their Apple account purchase history has displayed apps they never bought. Others say their phones have been locked, and the hackers are demanding a ransom to return access to the owners, sort of like ransomware.