Apple iPhone jailbreakers beware. If you’ve downloaded certain tweaks and apps, they may have come with a piece of malware that stole your Apple ID and passwords, according to researchers from cybersecurity companies Palo Alto Networks and WeipTech.
At least 225,000 Apple IDs and passwords were compromised by the malware dubbed “KeyRaider” -- the largest Apple account theft caused by malware, according to Palo Alto Networks. This piece of malware does not affect stock iPhones, iPads and iPod Touches -- only jailbroken devices that have been modified to install various apps and tweaks that wouldn’t pass the App Store approval process.
The malware is distributed through third-party app repositories in China and may have affected iOS users in at least 14 countries: China, France, Russia, Japan, the U.K., the U.S., Canada, Germany, Australia, Israel, Italy, Spain, Singapore and South Korea.
After the offending software is installed, it taps into the operating system to steal usernames, passwords and other data by grabbing iTunes traffic sent and received from a compromised iOS device. That data is then sent to a server for storage. KeyRaider is used in conjunction with another jailbreak tweak that allows its creators and thieves to use the stolen credentials to purchase apps and in-app content. An estimated 20,000 users are using the stolen logins, according to the cybersecurity companies.
People who have had their accounts compromised have reported odd app purchases popping up. In other cases, victims' iOS devices were remotely locked and held for ransom. Similar tactics also were used by hackers to hold Australian victims’ iPhones and Macs for ransom in 2014.
The best way to avoid this attack is to avoid jailbreaking altogether or to restore your phone to stock iOS. While jailbreaking can allow users to install apps and tweaks, the practice can expose iOS devices to various security flaws. Italian security group Hacking Team used such exploits to compromise jailbroken devices, according to MacWorld.
"IOS is designed to be reliable and secure from the moment you turn on your device," an Apple spokesperson said in a statement. "To protect our users from malware, we curate App Store content and ensure all apps in the App Store adhere to our developer guidelines. This issue only impacts those who not only have jailbroken devices, but have also downloaded malware from untrusted sources. We have taken steps to protect those affected by the issue by automatically helping the owners reset their iCloud account with a new password."