Over 225,000 Apple Accounts Reportedly Stolen From Jailbroken iPhones

Apple’s iOS is known for its security sophistication. In the eight years of its existence, the company’s mobile operating system has largely remained unaffected to any major security vulnerability. That is until you decide to do away with its built-in security features. Known as jailbreaking, the process gives users the ability to gain full control of the device, and sideload apps. As per reports, malware is being installed via third-party iOS app repositories, resulting in what may be “the largest known Apple account theft caused by malware.”

An iOS malware called KeyRaider, distributed by third-party Cydia repositories in China, has stolen around 225,000 iOS users’ Apple account credentials, certificates, private keys, and purchasing receipts, revealed security firm Palo Alto Networks and Chinese iPhone developers group Weiptech. The credentials were sent to a remote server, and stolen accounts were used to purchase paid apps on other iOS devices. Over 20,000 users have reportedly downloaded the jailbreak tweaks that will give them access to stolen credentials for unauthorised purchases.

“The malware hooks system processes through MobileSubstrate, and steals Apple account usernames, passwords and device GUID by intercepting iTunes traffic on the device. KeyRaider steals Apple push notification service certificates and private keys, steals and shares App Store purchasing information, and disables local and remote unlocking functionalities on iPhones and iPads,” the Palo Alto Networks wrote in a blog post. The firm in conjunction with WeipTech found 92 samples of the new iOS malware family

About 225,000 accounts are affected, and while some users say their accounts show abnormal purchasing history, others say their phones are being held for ransom. The good news is that people who haven’t jailbroken their iOS devices (iPad, iPhone, iPod) don’t need to worry about this attack. About half of the victims have email accounts with qq.com, 163.com, 139.com, popular Chinese email services, suggesting that the attack largely affects Chinese accounts. Researchers found evidence of victims in 18 countries including France, Russia, Japan, United Kingdom, United States, Canada, Germany, Australia, Israel, Italy, Spain, Singapore, and South Korea.

This is the second major iOS attack we have heard about in the recent past. Infamous Hacking Team also reportedly attacked jailbroken iOS devices.

The report truly serves to illustrate the potential terrible consequences of jailbreaking devices to iOS users. Experts advise users not to jailbreak devices unless they’re fully aware of the methods the tool uses to bypass Apple’s built-in security, and the legitimacy of the apps they are installing on their devices. No Indian user has been reported to be affected by the vulnerability as of yet. Palo Alto Networks has set up a tool to assist users to check whether their device is affected, and if so, a guide to help them patch the vulnerability.