iPhone malware KeyRaider stole thousands of Apple logins

Researchers called this the "largest known Apple account theft caused by malware."

A new kind of malware targeting iPhones and iPads is able to steal security certificates, usernames and passwords, and other private account data.

Researchers at WeipTech and Palo Alto Networks said in a blog post Sunday they had discovered a database of thousands of Apple accounts, which had been stolen by malware distributed through repositories used by popular jailbreak tool Cydia.

The malware, dubbed KeyRaider, intercepts iTunes traffic on the device, stealing usernames, passwords, and unique device identifiers, which are then uploaded to the malware owner's server.

More than 225,000 users from 18 countries are thought to be affected by the malware.

"We believe this to be the largest known Apple account theft caused by malware," said Claud Xiao, the post's author.

The malware is also known to have locked devices, holding them for ransom, an increasingly popular method of generating potentially vast sums of money for attackers.

But how big of an issue is it? Though millions of users will be affected, the vast majority of iPhone and iPad owners are said to be safe.

The malware targets devices that have been jailbroken, a process where device restrictions are cracked, allowing users greater access to the device's functionality. By allowing developers to tap into the device's core, jailbreaking gives users greater customization and access to features. But that comes with its own risks, because it gives malware that same access.

The now infamous Hacking Team, which suffered a major data breach earlier this year, reportedly also targeted jailbroken iPhones and iPads, without users knowing.

We reached out to Apple for comment but did not immediately hear back.

