Security Malware steals 225,000 Apple logins from jailbroken iPhones

Scorpus

Posts: 2,001   +231
Staff member

Jailbreaking your iPhone can give you the ability to add in extra features and more functionality, but it can also make your phone more vulnerable to malware. One newly-discovered strain of malware has already affected some people with jailbroken iPhones, stealing the account credentials for more than 225,000 Apple IDs.

The malware, called KeyRaider, finds its way onto your device via apps you've installed through Cydia, a popular third-party app store that often offers tools only compatible with jailbroken devices. KeyRaider has infected devices in a wide range of countries, including China, the UK, the United States, Canada, Australia and Russia.

KeyRaider is essentially a two-stage attack. Firstly, the malware steals Apple ID usernames and passwords, certificates, private keys, and App Store purchasing information by hooking in to system processes. All of the data collected by this malware is uploaded to a control server.

After this data is collected, the second stage comes in to play. Users of two jailbreak tweaks can then 'borrow' these stolen credentials to make in-app purchases through the App Store without actually paying. The tweaks "emulate the iTunes protocol to log in to Apple’s server" using the credentials stored on the control server, according to security researchers from Palo Alto Networks.

On top of this, the KeyRaider malware can disable the local and remote unlocking capabilities of an infected iPhone, which allows an attacker to hold the device at ransom. To make matters even worse, credentials uploaded to the control server can easily be stolen through an SQL-injection vulnerability.

The good news is that this malware only affects iPhones that have been jailbroken, so those that haven't modified their device are safe. However it does show the risks involved with jailbraking, and why the practice should always be approached with caution.

Permalink to story.

 

Zenodroid

Posts: 132   +28
How is that possible ? apple is the most secure stuff out there and nothing never happens to their stuff :eek:

or something ;)
 

Kenrick

Posts: 631   +401
For those people here that talk without any clue and some android sobbing users who have this superiority complex seizure, let me rephrase the whole article for you.

The malware is installed if you add a chinese repository. The repository is not part of the default repository of Cydia. Therefore, this is a user's responsibility. they need to be cautious of what they install if adding 3rd party repositories especially if the tweak or cydia app is something illegal in nature. The App/tweak that was specified in the article claimed you can bypass in-app purchases or related to purchases.

Well this is a malware that is user controlled unlike malware available through the google app store. I feel pity to some members here. talking without thinking when it come with apple articles. grow up. No one cares what phone you have. Enjoy it and dont mind other's phone.
 

Zenodroid

Posts: 132   +28
For those people here that talk without any clue and some android sobbing users who have this superiority complex seizure, let me rephrase the whole article for you.

The malware is installed if you add a chinese repository. The repository is not part of the default repository of Cydia. Therefore, this is a user's responsibility. they need to be cautious of what they install if adding 3rd party repositories especially if the tweak or cydia app is something illegal in nature. The App/tweak that was specified in the article claimed you can bypass in-app purchases or related to purchases.

Well this is a malware that is user controlled unlike malware available through the google app store. I feel pity to some members here. talking without thinking when it come with apple articles. grow up. No one cares what phone you have. Enjoy it and dont mind other's phone.
android have open os and you can make mistakes. wich also makes android even stronger against virus and malware, bc they learn how to fight and even stop it. ios doesnt learn it and when they get hit, it gets a lot worse than on the other platforms. just like when osx got hit hard, ms had a good hard laugh at apple. bc ms knew exactly what to do, but apple had no clue what so ever, and got forced to put their heads together to fix it. its more fun and you learn more to live, by playing at the playground. than be locked and safe inside your room where mommy takes care of you all the time.

apple say they are better and try to blind ppl on how good they are, instead of letting ppl learn and be smarter. ppl get more and more stupid when others control their life and makes sure nobody can do anything. and then when apple cracks, a lot more ppl gets hurt, than on other platforms.
 

Kenrick

Posts: 631   +401
For those people here that talk without any clue and some android sobbing users who have this superiority complex seizure, let me rephrase the whole article for you.

The malware is installed if you add a chinese repository. The repository is not part of the default repository of Cydia. Therefore, this is a user's responsibility. they need to be cautious of what they install if adding 3rd party repositories especially if the tweak or cydia app is something illegal in nature. The App/tweak that was specified in the article claimed you can bypass in-app purchases or related to purchases.

Well this is a malware that is user controlled unlike malware available through the google app store. I feel pity to some members here. talking without thinking when it come with apple articles. grow up. No one cares what phone you have. Enjoy it and dont mind other's phone.
android have open os and you can make mistakes. wich also makes android even stronger against virus and malware, bc they learn how to fight and even stop it. ios doesnt learn it and when they get hit, it gets a lot worse than on the other platforms. just like when osx got hit hard, ms had a good hard laugh at apple. bc ms knew exactly what to do, but apple had no clue what so ever, and got forced to put their heads together to fix it. its more fun and you learn more to live, by playing at the playground. than be locked and safe inside your room where mommy takes care of you all the time.

apple say they are better and try to blind ppl on how good they are, instead of letting ppl learn and be smarter. ppl get more and more stupid when others control their life and makes sure nobody can do anything. and then when apple cracks, a lot more ppl gets hurt, than on other platforms.
For those people here that talk without any clue and some android sobbing users who have this superiority complex seizure, let me rephrase the whole article for you.

The malware is installed if you add a chinese repository. The repository is not part of the default repository of Cydia. Therefore, this is a user's responsibility. they need to be cautious of what they install if adding 3rd party repositories especially if the tweak or cydia app is something illegal in nature. The App/tweak that was specified in the article claimed you can bypass in-app purchases or related to purchases.

Well this is a malware that is user controlled unlike malware available through the google app store. I feel pity to some members here. talking without thinking when it come with apple articles. grow up. No one cares what phone you have. Enjoy it and dont mind other's phone.
android have open os and you can make mistakes. wich also makes android even stronger against virus and malware, bc they learn how to fight and even stop it. ios doesnt learn it and when they get hit, it gets a lot worse than on the other platforms. just like when osx got hit hard, ms had a good hard laugh at apple. bc ms knew exactly what to do, but apple had no clue what so ever, and got forced to put their heads together to fix it. its more fun and you learn more to live, by playing at the playground. than be locked and safe inside your room where mommy takes care of you all the time.

apple say they are better and try to blind ppl on how good they are, instead of letting ppl learn and be smarter. ppl get more and more stupid when others control their life and makes sure nobody can do anything. and then when apple cracks, a lot more ppl gets hurt, than on other platforms.

Another android sobbing user. Its funny how you compare apple ios to android. Geez, Really, where is the hate coming from. I did not say ios is better than android. I just explained the article in a super layman terms for close-minded people like you. Grow up man, if you like your phone then so be it no need to trash other user's preference.

and also buy a new keyboard. Learn how to write proper english. If your android keyboard is at fault, install swype or enable autocorrection.
 

mailpup

Posts: 7,642   +751
TS Special Forces
Kendrick, no need to double quote and we prefer that you try to confine your remarks to arguing the issues rather than the ad hominem comments you are making. Thanks.