A recent wave of malware has let attackers steal more than 225,000 Apple accounts, the largest recorded theft of its kind. Fortunately for mainstream users, the malware only affects devices that have been jailbroken. Named KeyRaider, the malware spreads through repositories for the popular Cydia platform, which acts as an underground App Store that lets jailbroken devices install apps and tweaks Apple would not allow (or has already banned) in the official App Store. Once a device is infected, the malware harvests the user's Apple account name and password, the device's push-notification certificate and private key, and App Store purchase receipts. With that information, the attackers can make App Store purchases on the victim's account.
KeyRaider also carries a dormant ransomware capability: it can remotely lock a device and hold it for ransom, acting as on-demand ransomware. Palo Alto Networks explained to Gizmodo:
“It can locally disable any kind of unlocking operations, whether the correct passcode or password has been entered. Also, it can send a notification message demanding a ransom directly using the stolen certificate and private key, without going through Apple’s push server. Because of this functionality, some of the previously used ‘rescue’ methods are no longer effective.”
Most of the affected users appear to be located in China, and all of them are running jailbroken devices. Devices running stock, non-jailbroken iOS are not affected, because KeyRaider is installed as a jailbreak tweak that only a jailbroken device will load. Users should think carefully before jailbreaking: while it unlocks a wider range of utilities and removes Apple's restrictions, it also removes the code-signing protections that keep unsigned software off the device, and that is exactly what this malware relies on. KeyRaider is an important reminder that jailbreaking, despite the additional freedom and control it gives over the phone, has real drawbacks and can expose sensitive account information.
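For readers who already own a jailbroken device, here is a quick way to check for KeyRaider. This is an added example and is not part of the original article or of Palo Alto Networks' own tooling. It assumes OpenSSH has been installed from Cydia and the script is run over SSH on the device itself; it assumes the standard MobileSubstrate tweak directory (/Library/MobileSubstrate/DynamicLibraries) and uses the indicator strings Palo Alto Networks published with their KeyRaider report. The script only reports and suggests removal commands; it deletes nothing by itself.

```shell
#!/bin/sh
# Added example: scan MobileSubstrate tweak libraries on a jailbroken iOS device
# for KeyRaider indicator strings. Not part of the article; assumptions are noted.

# Indicator strings published by Palo Alto Networks for KeyRaider (assumption:
# the list is reproduced as published; check the report for updates).
KEYRAIDER_IOCS="wushidou gotoip4 bamu getHanzi"

# Directory from which MobileSubstrate loads tweak dylibs on a jailbroken device.
# Can be overridden for testing or for non-standard jailbreak layouts.
SUBSTRATE_DIR="${SUBSTRATE_DIR:-/Library/MobileSubstrate/DynamicLibraries}"

# scan_dylibs DIR
#   Prints one line per suspicious library: "<path><TAB><matched indicator>".
#   Binary files are searched as text (grep -a) with fixed-string matching.
scan_dylibs() {
    dir="$1"
    for lib in "$dir"/*.dylib; do
        [ -f "$lib" ] || continue
        for ioc in $KEYRAIDER_IOCS; do
            if grep -a -q -F -- "$ioc" "$lib"; then
                printf '%s\t%s\n' "$lib" "$ioc"
                break   # one hit is enough to flag this library
            fi
        done
    done
    return 0
}

# count_flagged DIR  -> number of libraries flagged by scan_dylibs
count_flagged() {
    scan_dylibs "$1" | grep -c . || true
}

# report DIR
#   Human-readable summary plus the removal commands a user would run by hand.
#   MobileSubstrate pairs each tweak dylib with a .plist of the same base name,
#   so both files are listed for removal, followed by a reboot.
report() {
    dir="$1"
    n=$(count_flagged "$dir")
    if [ "$n" -eq 0 ]; then
        echo "No KeyRaider indicators found in $dir"
        return 0
    fi
    echo "$n suspicious tweak library(ies) found in $dir:"
    tab=$(printf '\t')
    scan_dylibs "$dir" | while IFS="$tab" read -r lib ioc; do
        base="${lib%.dylib}"
        echo "  $lib (matched '$ioc')"
        echo "    suggested: rm -- '$lib' '$base.plist'   # then reboot the device"
    done
    echo "Afterwards, change the Apple ID password and review App Store purchase history."
    return 0
}

# Only run the report when the Substrate directory actually exists
# (i.e. when executed on a jailbroken device rather than a workstation).
if [ -d "$SUBSTRATE_DIR" ]; then
    report "$SUBSTRATE_DIR"
fi
```

Run it over SSH as root on the device (`sh keyraider-check.sh`). A clean result only says these particular strings were not found; it does not prove the device is free of other tweaks that hook the same SSL traffic, so treat it as a quick triage step, not a full audit.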
What do you think about KeyRaider? Do you own a jailbroken Apple device? Let us know in the comments below!
Images via Pixabay.