
Your jailbroken iPhone might be amongst the 225,000 infected by the KeyRaider malware

By Peter Chu - on 1 Sep 2015, 11:48am


Image source: Lifehacker

There are plenty of reasons why Apple strongly discourages its users from jailbreaking their devices, and it goes without saying that one of those reasons is to prevent users from pirating applications. But for the most part, it’s to ensure that its users won’t be exposed to the multitude of security risks that come along with jailbreaking.

One such security risk comes courtesy of the recently discovered KeyRaider malware, which, according to researchers from US-based security specialist Palo Alto Networks, has since compromised more than 225,000 Apple IDs.

“We believe this to be the largest known Apple account theft caused by malware,” wrote Claud Xiao, Palo Alto Networks security researcher, in a blog post regarding the KeyRaider malware.

But apart from Apple ID usernames and passwords, KeyRaider also collects plenty of other details about your device, including its GUID, security certificates, private keys for the Apple push notification service, as well as your App Store purchase history.

This is not something you'll want to see while unlocking your iPhone. The message reads “Please contact by QQ or phone to unlock it.” (Image source: Palo Alto Networks)

That’s not all that KeyRaider is capable of doing, because if you’re really unlucky, it’s even able to lock down your device entirely. And as you would expect, the only way for you to unlock it is by paying a ransom to the person responsible for holding your device hostage.

The good news is, because the KeyRaider malware is primarily distributed through third-party Cydia repositories in China – which can only be accessed if you have jailbroken your phone – if your device is still running on Apple’s untampered iOS platform, you should have nothing to worry about.

Nevertheless, that hasn’t stopped KeyRaider from going to town on jailbroken iPhones in France, Russia, Japan, the United Kingdom, the United States, Canada, Germany, Australia, Israel, Italy, Spain, Singapore, and South Korea. Malaysia is fortunate enough to be excluded from the list, but the fact that our neighboring country, Singapore, is on it should already be disconcerting enough.

Source: Palo Alto Networks via Engadget