KeyRaider, a new form of malware discovered by researchers at Palo Alto Networks and WeipTech, has been found on 225,000 jailbroken iPhones, making this one of Apple’s largest security compromises to date.
While jailbreaking an iPhone gives you the freedom to run whatever apps and interfaces you wish, in place of those allowed by Apple, it also comes with risks. Doing so can give apps control over your phone, and many iPhone users are finding this out the hard way.
The recent malware found is primarily distributed via Cydia repositories in China and collects a number of Apple IDs, passwords, and other items. KeyRaider attacks the device’s unique identifier, or GUID, and markets itself as an alternative to Apple’s official App store. It also disables the ability to unlock iOS devices on which it is installed, a feature sometimes used to remotely hold phones for ransom.
Aside from infecting phones in the U.S., the malicious code has targeted several devices in China and at least 17 other countries, including France, Russia, Japan, and the UK. Not only has it stolen account data and held some phones until a ransom is paid, it has made unauthorized charges against some victims’ accounts.
Researchers at the Palo Alto Networks said in a statement:
KeyRaider has successfully stolen over 225,000 valid Apple accounts and thousands of certificates, private keys, and purchasing receipts. The malware uploads stolen data to its command and control (C2) server, which itself contains vulnerabilities that expose user information.
The purpose of this attack was to make it possible for users of two iOS jailbreak tweaks to download applications from the official App Store and make in-app purchases without actually paying. Jailbreak tweaks are software packages that allow users to perform actions that aren’t typically possible on iOS.
These two tweaks will hijack app purchase requests, download stolen accounts or purchase receipts from the C2 server, then emulate the iTunes protocol to log in to Apple’s server and purchase apps or other items requested by users. The tweaks have been downloaded over 20,000 times, which suggests around 20,000 users are abusing the 225,000 stolen credentials.
Some victims have reported that their stolen Apple accounts show abnormal app purchasing history and others state that their phones have been held for ransom.
While iOS is impressively secure in its default configuration, once jailbroken, it poses several risks. Discovery of KeyRaider validates why security experts discourage jailbreaking iPhones, unless done by highly experienced professionals who know exactly what code they’re trying to get around.
Source: ArsTechnica
Learn more about Electronic Products Magazine