Sep 03, 2015 12:41 AM EDT
In the face of the massive malware outbreaks and security vulnerabilities affecting the Android, Android users can now schadenfreude a little, because it’s Apple users’ turn to be terrorized.
A massive security breach, originating in China, was experienced by iOS users who happen to have jailbroken devices. The malware, called the “KeyRaider,” has affected Chinese users for the most part. Apple users from these other countries have experienced the effects of the information-stealing malware, as well: United States, Canada, United Kingdom, France, Germany, Italy, Spain, Russia, Israel, Australia, Singapore, South Korea, and Japan.
Some 225,000 user credentials were stolen by the malevolent software, allowing the hackers behind the malware to use these credentials for unauthorized purchases.
According to TechCrunch, using information from Palo Alto Networks, in cooperation with Chinese tech group WeipTech, these are the mechanisms of the KeyRaider malware:
-KeyRaider steals Apple account user names, and passwords. It also steals device GUIDs (device IDs) and certificates. Apple Push Notification Service private keys are stolen by this malware, as well.
-Infected iPhones and iPads can no longer be unlocked by passcode. Not even the iCloud security and unlocking service can unlock the devices.
-Because of the previous point, devices were held “hostage” by the malware.
-The malware uploads the users’ credentials to a central server, where its authors can gain access to these and abuse these credentials.
The Palo Alto Networks report details the malware’s actions, including their prime suspect in this massive security breach, Mischa07: http://researchcenter.paloaltonetworks.com/2015/08/keyraider-ios-malware-steals-over-225000-apple-accounts-to-create-free-app-utopia/
As per the report, two Cydia apps have been identified as the source of the malware:
These two apps entice the user to download them with the promise of giving them access to premium apps and premium in-app purchases, without paying a single cent. The app “iappstore” is supposed to give free access to premium apps, while “iappinbuy” is the app that supposedly gives access to premium in-app purchases. Both apps carry the KeyRaider signatures, however, and will only steal the users’ data.
Word to the wise: Nothing in this world is absolutely free. Respect begets respect, and if a user respects the developer’s rights to be fed for their work, hackers like “Mischa07” won’t succeed in stealing 225,000 user credentials. All of these were most likely enticed by the prospect of getting free apps. “Karma” wreaks havoc like a vengeful scorned woman, so if a mobile device user stays within lawful boundaries and pays for their apps like a good citizen or an appreciative user, they won’t be affected by such hack attacks as the KeyRaider.
2. Dec 21, 2019
Who Should Be Using a PowerPoint Design Agency?
3. Nov 13, 2019
Surveying the 4 Basic Kinds of CMM Machines
4. Nov 02, 2019
Color Theory Gets a Technology Makeover with Appy Pie's Color Wheel
1. Sep 20, 2019
5 Facts About Mobile App Development That Will Keep You Up At Night
2. Sep 09, 2019
Why Software is Key to Growing Your Cannabis Business
3. Sep 09, 2019
Why Android Remains at the Top of Its Game
4. Sep 02, 2019
Tips to Get Car Insurance for a Teen Driver