iOS 'KeyRaider' malware blazes trail of chaos, stealing over 225,000 Apple accounts

Only jailbroken devices should fear it, however

A new iOS malware family going by the name of "KeyRaider" has been discovered by malware researchers at WeipTech and Palo Alto Networks. So far, it has stolen more than 225,000 user account details, apparently to add to a database to help fuel exploitative App Store behaviour.

KeyRaider reportedly diverts system processes through MobileSubstrate (now called Cydia Substrate) - a software framework that allows third-party app developers to provide run-time patches for their products.

It does this only on jailbroken devices, and is distributed only through third-party Cydia repositories in China - Cydia is an alternative to Apple's App Store for "jailbroken" devices. So far, affected users have been traced to Australia, Canada, China, France, Germany, Israel, Italy, Japan, Russia, Singapore, Spain and South Korea.

Once the malware is inside system processes, it steals user names, passwords and the device's GUID (globally unique identifier) by intercepting iTunes traffic. It also steals push notification service certificates and private keys, steals and shares App Store purchase logs, and disables local and remote unlocking facilities.

At this point, KeyRaider has been found to be sending all this information to a central server, where individuals' account details are leveraged to make in-app purchases without paying, packaged as what are known as software "tweaks" for jailbroken devices.

Victims have already reported unusual app purchasing history after being affected by KeyRaider, and some have apparently even had their vulnerable devices held to ransom, in "ransomware"-style attacks.

The affected user base of 225,000 individual accounts is possibly the largest of any piece of iOS-based malware in the OS's history. However, before proclaiming too much doom and gloom for the traditionally "safer" environment of iOS when compared to the ongoing "Wild West" of Android device security, it is important to remember that only jailbroken devices are affected.

If you're using your Apple device in the way the company intended (and probably the way your IT department would prefer), then move along - you have absolutely nothing to fear from KeyRaider.