Cyber security company Palo Alto Networks and amateur Chinese tech group WeipTech have uncovered a malware theft of over 225,000 valid Apple accounts, Palo Alto Networks security researcher Claud Xiao revealed in a Sunday evening blog post.
According to the post, the iOS malware, dubbed “KeyRaider,” takes aim at jailbroken Apple devices and taps into system processes through MobileSubstrate, stealing “Apple account usernames, passwords and device GUID by intercepting iTunes traffic on the device.”
The malware also snatches Apple push notification certificates and private keys, and steals and shares App Store purchasing information. It can also disable local and remote unlocking functions on iPhones and iPads, preventing users from accessing their devices once they have been hijacked.
The malware appears to have impacted iOS users in 18 countries, including China, Japan, Germany, Canada and the United States.
With access to a user’s Apple account and password, Xiao said attackers can launch additional strikes against users, including using the information to “control the device through iCloud and compromise the victim’s private data contained in their iMessage logs, contacts, photos, emails, documents and location.”
Research into the incident by Palo Alto Networks and WeipTech has suggested that nearly 20,000 users of two iOS jailbreak tweaks – add-ons that allow users to perform actions that normally aren’t possible on iOS – have access to the stolen credentials.
According to Xiao, the incident is believed to be the largest known Apple account theft.
“It’s important to remember that KeyRaider only impacts jailbroken iOS devices,” Xiao wrote. “Users of non-jailbroken iPhones or iPads will not be affected by this attack.”
If the malware is detected on a device, Xiao suggested that users should “change their Apple account password after removing the malware, and enable two-factor verifications for Apple IDs”.
But Xiao said the best method of protection is prevention.
“Our primary suggestion for those who want to prevent KeyRaider and similar malware is to never jailbreak your iPhone or iPad if you can avoid it,” he wrote.