Apr 25, 2024 | Updated: 11:35 AM EDT

"KeyRaider" Steals 225,000 Users' Credentials Across 18 Countries

Sep 03, 2015 12:41 AM EDT

In the face of the massive malware outbreaks and security vulnerabilities affecting Android, Android users can now indulge in a little schadenfreude, because it’s Apple users’ turn to be terrorized.

A massive security breach, originating in China, has hit iOS users who happen to have jailbroken devices. The malware, called “KeyRaider,” has affected Chinese users for the most part, but Apple users in these other countries have experienced the effects of the information-stealing malware as well: United States, Canada, United Kingdom, France, Germany, Italy, Spain, Russia, Israel, Australia, Singapore, South Korea, and Japan.

Some 225,000 user credentials were stolen by the malevolent software, allowing the hackers behind the malware to use these credentials for unauthorized purchases.

According to TechCrunch, using information from Palo Alto Networks, in cooperation with Chinese tech group WeipTech, these are the mechanisms of the KeyRaider malware:

- KeyRaider steals Apple account user names and passwords. It also steals device GUIDs (device IDs) and certificates. Apple Push Notification Service private keys are stolen by this malware as well.

- Infected iPhones and iPads can no longer be unlocked by passcode. Not even the iCloud security and unlocking service can unlock the devices.

- Because of the previous point, devices were held “hostage” by the malware.

- The malware uploads the users’ credentials to a central server, where its authors can access and abuse them.

The Palo Alto Networks report details the malware’s actions, including its prime suspect in this massive security breach, Mischa07: https://researchcenter.paloaltonetworks.com/2015/08/keyraider-ios-malware-steals-over-225000-apple-accounts-to-create-free-app-utopia/

As per the report, two Cydia apps have been identified as the source of the malware:

- iappstore

- iappinbuy

These two apps entice the user to download them with the promise of access to premium apps and premium in-app purchases without paying a single cent. The app “iappstore” is supposed to give free access to premium apps, while “iappinbuy” supposedly gives access to premium in-app purchases. Both apps carry the KeyRaider signatures, however, and will only steal the users’ data.

Word to the wise: Nothing in this world is absolutely free. Respect begets respect, and if a user respects the developer’s right to be fed for their work, hackers like “Mischa07” won’t succeed in stealing 225,000 user credentials. All of those victims were most likely enticed by the prospect of getting free apps. “Karma” wreaks havoc like a vengeful scorned woman, so if a mobile device user stays within lawful boundaries and pays for their apps like a good citizen or an appreciative user, they won’t be affected by hack attacks such as KeyRaider.
