- Jeff Bezos’ girlfriend allegedly sent his nudes to her brother, who then leaked them Saturday 6:38 PM
- This Instagram account catches influencers in the wild Saturday 5:42 PM
- The best upcoming video games to look out for in February 2020 Saturday 5:23 PM
- TikTok teens use AirPods and Google Translate to secretly talk in class Saturday 4:32 PM
- Video shows corpses of coronavirus victims lying in China hospital Saturday 3:44 PM
- Kid meets Slipknot after drumming video goes viral Saturday 2:30 PM
- Channing Tatum responds to troll who tried to compare Jenna Dewan and Jessie J’s looks Saturday 1:46 PM
- Grindr pulls an ‘I don’t know her’ after Eminem suggests he uses the app Saturday 12:48 PM
- Here are the top 10 most popular Instagram models in 2020 Saturday 12:21 PM
- ‘The Chilling Adventures of Sabrina’ takes its characters on a fantasy adventure to Hell in season 3 Saturday 11:37 AM
- Woman no longer in sorority, school after racist MLK post Saturday 10:45 AM
- Netflix’s ‘Miss Americana’ starts to deconstruct the myth of Taylor Swift Saturday 10:32 AM
- Teens charged with attempted arson after participating in TikTok ‘outlet challenge’ Saturday 8:56 AM
- ‘American Dirt’ is a metaphor for a white country built on the back of immigrants Saturday 6:00 AM
- This woman told two students to ‘speak English’ and people are not having it Friday 9:53 PM
If you decided to jailbreak your iPhone, your login credentials could be at risk. A recently discovered family of malware has collected nearly a quarter-million usernames and passwords for Apple accounts.
KeyRaider is distributed through a repository downloaded from popular third-party app distribution platform Cydia. Malicious code included in apps downloaded from the alternative app store is responsible for the breach.
More than 225,000 people have had their accounts compromised by KeyRaider, making it the largest security breach caused by malware. Users from 18 countries including China, Russia, Japan, United Kingdom, United States, and Canada have been affected. Some users have reported their information is being held ransom, having their account disabled until they pay a fee.
The malware appears to be circulating through tweaks to the repository made by a person operating under the username mischa07. Tweaks often add features and actions that aren’t possible in the official iOS release. The two tweaks provided by the user purported to make it possible for downloaders to make in-app purchases from official App Store apps without actually paying.
Palo Alto Networks researchers explained how the malware works, writing, “These two tweaks will hijack app purchase requests, download stolen accounts or purchase receipts from the C2 server, then emulate the iTunes protocol to log in to Apple’s server and purchase apps or other items requested by users.”
The user mischa07 has uploaded other tweaks as well according to PCWorld, including ones that provide cheats for mobile games, controls for system settings, and in-app ad blockers.
Chinese technology firm WeipTech was able to obtain about half of the database of stolen accounts and created an online checker that can inform you if your account has been compromised (though you’ll have to use Google Translate if you can’t read Chinese).
The data was obtainable because the website the data was uploaded to was susceptible to SQL-injection attacks, which WeipTech exploited to grab the information. This means it could also have been acquired by another source with less-charitable intentions.
If you have not jailbroken your iPhone, you are not at risk of this attack. Security experts have long warned of the risks of leaving the walled garden of iOS and exploring the less-secure world of jailbroken apps. Malware like KeyRaider is just one of the potential malicious exploits out there.
AJ Dellinger is a seasoned technology writer whose work has appeared in Digital Trends, International Business Times, and Newsweek. In 2018, he joined Gizmodo as the nights and weekend editor.