Article Lead Image

Photo via Faris Algosaibi/Flickr (CC BY 2.0)

KeyRaider hack steals more than 225,000 Apple logins from jailbroken iPhones

If you have a jailbroken iPhone, your account information could be compromised.


AJ Dellinger


Posted on Aug 31, 2015   Updated on May 28, 2021, 1:37 am CDT

If you decided to jailbreak your iPhone, your login credentials could be at risk. A recently discovered family of malware has collected nearly a quarter-million usernames and passwords for Apple accounts.

Researchers at Palo Alto Networks discovered the malware, known as KeyRaider, with user help from the Chinese iPhone community Weiphone following reports of unauthorized charges.

KeyRaider is distributed through a repository downloaded from popular third-party app distribution platform Cydia. Malicious code included in apps downloaded from the alternative app store is responsible for the breach. 

More than 225,000 people have had their accounts compromised by KeyRaider, making it the largest security breach caused by malware. Users from 18 countries including China, Russia, Japan, United Kingdom, United States, and Canada have been affected. Some users have reported their information is being held ransom, having their account disabled until they pay a fee. 

The malware appears to be circulating through tweaks to the repository made by a person operating under the username mischa07. Tweaks often add features and actions that aren’t possible in the official iOS release. The two tweaks provided by the user purported to make it possible for downloaders to make in-app purchases from official App Store apps without actually paying.

Palo Alto Networks researchers explained how the malware works, writing, “These two tweaks will hijack app purchase requests, download stolen accounts or purchase receipts from the C2 server, then emulate the iTunes protocol to log in to Apple’s server and purchase apps or other items requested by users.”

The user mischa07 has uploaded other tweaks as well according to PCWorld, including ones that provide cheats for mobile games, controls for system settings, and in-app ad blockers.

Chinese technology firm WeipTech was able to obtain about half of the database of stolen accounts and created an online checker that can inform you if your account has been compromised (though you’ll have to use Google Translate if you can’t read Chinese). 

The data was obtainable because the website the data was uploaded to was susceptible to SQL-injection attacks, which WeipTech exploited to grab the information. This means it could also have been acquired by another source with less-charitable intentions.

If you have not jailbroken your iPhone, you are not at risk of this attack. Security experts have long warned of the risks of leaving the walled garden of iOS and exploring the less-secure world of jailbroken apps. Malware like KeyRaider is just one of the potential malicious exploits out there.

H/T Ars Technica | Photo via Faris Algosaibi/Flickr (CC BY 2.0)

Share this article
*First Published: Aug 31, 2015, 8:02 pm CDT