Jailbreaking your iPhone can give you the ability to add extra features and functionality, but it can also make your phone more vulnerable to malware. One newly-discovered strain of malware has already affected some people with jailbroken iPhones, stealing the account credentials for more than 225,000 Apple IDs.
The malware, called KeyRaider, finds its way onto your device via apps you've installed through Cydia, a popular third-party app store that often offers tools only compatible with jailbroken devices. KeyRaider has infected devices in a wide range of countries, including China, the UK, the United States, Canada, Australia and Russia.
KeyRaider is essentially a two-stage attack. First, the malware steals Apple ID usernames and passwords, certificates, private keys, and App Store purchasing information by hooking into system processes. All of the data collected by this malware is uploaded to a control server.
After this data is collected, the second stage comes into play. Users of two jailbreak tweaks can then 'borrow' these stolen credentials to make in-app purchases through the App Store without actually paying. The tweaks "emulate the iTunes protocol to log in to Apple’s server" using the credentials stored on the control server, according to security researchers from Palo Alto Networks.
On top of this, the KeyRaider malware can disable the local and remote unlocking capabilities of an infected iPhone, which allows an attacker to hold the device for ransom. To make matters even worse, credentials uploaded to the control server can easily be stolen by third parties through a SQL-injection vulnerability in that server.
The good news is that this malware only affects iPhones that have been jailbroken, so those who haven't modified their device are safe. However, it does show the risks involved with jailbreaking, and why the practice should always be approached with caution.