
225k Apple accounts found on a server

A team of Chinese amateur cybersecurity enthusiasts called WeipTech noticed suspicious activity tied to jailbroken devices and immediately alerted security researchers at Palo Alto Networks.


Apple only allows apps to be installed on its devices from its official App Store, which lets it screen apps and control how users can use their devices. Significantly, there were over 225,000 entries in the database, making this one mammoth breach. Apple advises users against jailbreaking their devices for security reasons. A jailbreak is usually done to install tweaks and apps from Cydia, the third-party app store for jailbroken devices, some of whose repositories also carry pirated applications.

According to Xiao, some victims have reported that their stolen Apple accounts show abnormal app purchasing history, and others state that their phones have been held for ransom.

If you have downloaded certain tweaks and apps, they may have come with a piece of malware that stole your Apple ID username and password, according to researchers from the cyber security company Palo Alto Networks and the WeipTech group.

The malware, which exclusively targets jailbroken devices, reaches the device bundled inside tweaks distributed through Cydia, the popular third-party app store for jailbroken devices.

The theft covers 225,000 accounts from 18 countries, including China, France, Russia, Japan, the United Kingdom, the United States, Canada, Germany, Australia, Israel, Italy, Spain, Singapore and South Korea.

KeyRaider uses MobileSubstrate to hook system processes and then steals the Apple account username and password, as well as the device GUID, by intercepting iTunes traffic on the device. It also steals a certificate and private key from the device. “Also, it can send a notification message demanding a ransom directly using the stolen certificate and private key, without going through Apple’s push server”. The malware can also lock iPhones and iPads, both locally and remotely, completing the hijack.

“The tweaks have been downloaded over 20,000 times, which suggests around 20,000 users are abusing the 225,000 stolen credentials”, he added.

The malware is bundled into jailbreak tweaks and served on the Weiphone jailbreak forum by a suspected malware writer (VXer) known as mischa07, who specialises in cheats and tweaks.

Researchers believe Weiphone user “mischa07” is the author of the new malware, because the username was “hard-coded into the malware as the encryption and decryption key”.
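The check below is an added example and is not code from the article, from Palo Alto Networks or from WeipTech. It relies only on two facts the article gives: KeyRaider ships as a MobileSubstrate tweak, and it hard-codes the string “mischa07” as its encryption key. The script greps every dylib in the standard MobileSubstrate tweak directory for that string; the function names, the environment variable and the output format are this example's own choices. A hit is a reason to pull the file for analysis, not proof on its own, and a clean result does not clear a device, since a rebuilt sample could use a different key.

```shell
#!/bin/sh
# Added example (not from the article, Palo Alto Networks or WeipTech):
# a minimal indicator check to run on a jailbroken device, e.g. over SSH.
# KeyRaider is delivered as a MobileSubstrate tweak and hard-codes the
# string "mischa07" as its encryption/decryption key, so any dylib in the
# MobileSubstrate tweak directory that embeds that string deserves analysis.
# /Library/MobileSubstrate/DynamicLibraries is the standard tweak location;
# SUBSTRATE_DIR, the function names and the messages are this example's own.

SUBSTRATE_DIR="${SUBSTRATE_DIR:-/Library/MobileSubstrate/DynamicLibraries}"
INDICATOR="mischa07"

# Print the path of every .dylib under $1 (default: SUBSTRATE_DIR) that
# embeds the indicator string. Returns 0 if at least one file matched,
# 1 if none did, 2 if the directory does not exist.
scan_substrate_dylibs() {
    dir="${1:-$SUBSTRATE_DIR}"
    found=1
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    for f in "$dir"/*.dylib; do
        [ -f "$f" ] || continue      # the glob matched nothing
        # -a treats the binary as text so grep does not stop at a NUL byte;
        # -q keeps the output limited to the matching paths printed below.
        if grep -aq "$INDICATOR" "$f"; then
            echo "$f"
            found=0
        fi
    done
    return $found
}

# Number of matching dylibs under $1, as a plain integer on stdout.
count_matches() {
    scan_substrate_dylibs "$1" | wc -l | tr -d ' '
}

# Run the check only when executed as keyraider_check.sh, so the functions
# can also be sourced from another script without side effects.
case "$0" in
    *keyraider_check.sh)
        if scan_substrate_dylibs "${1:-}"; then
            echo "indicator present: review the tweaks listed above"
        else
            echo "indicator not found in ${1:-$SUBSTRATE_DIR}"
        fi
        ;;
esac
```

Copy the script to the device and run `sh keyraider_check.sh`; pass a directory as the first argument to scan a copy of the tweak folder pulled off the device instead. Removing a matching tweak does not revoke credentials that were already sent to the attacker's server, so a hit should be followed by an Apple ID password change.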


The attacker's server had security vulnerabilities that allowed WeipTech to obtain the stolen data. Palo Alto Networks said it provided the stolen account information to Apple on August 26, but noted that WeipTech was only able to recover around half of the stolen accounts before the attacker fixed the vulnerability.

Hackers Stole the Biggest Number of Apple Accounts Ever with iOS Malware