Sep 03, 2015 12:41 AM EDT
In the face of the massive malware outbreaks and security vulnerabilities affecting the Android, Android users can now schadenfreude a little, because it’s Apple users’ turn to be terrorized.
A massive security breach, originating in China, was experienced by iOS users who happen to have jailbroken devices. The malware, called the “KeyRaider,” has affected Chinese users for the most part. Apple users from these other countries have experienced the effects of the information-stealing malware, as well: United States, Canada, United Kingdom, France, Germany, Italy, Spain, Russia, Israel, Australia, Singapore, South Korea, and Japan.
Some 225,000 user credentials were stolen by the malevolent software, allowing the hackers behind the malware to use these credentials for unauthorized purchases.
According to TechCrunch, using information from Palo Alto Networks, in cooperation with Chinese tech group WeipTech, these are the mechanisms of the KeyRaider malware:
-KeyRaider steals Apple account user names, and passwords. It also steals device GUIDs (device IDs) and certificates. Apple Push Notification Service private keys are stolen by this malware, as well.
-Infected iPhones and iPads can no longer be unlocked by passcode. Not even the iCloud security and unlocking service can unlock the devices.
-Because of the previous point, devices were held “hostage” by the malware.
-The malware uploads the users’ credentials to a central server, where its authors can gain access to these and abuse these credentials.
The Palo Alto Networks report details the malware’s actions, including their prime suspect in this massive security breach, Mischa07: http://researchcenter.paloaltonetworks.com/2015/08/keyraider-ios-malware-steals-over-225000-apple-accounts-to-create-free-app-utopia/
As per the report, two Cydia apps have been identified as the source of the malware:
These two apps entice the user to download them with the promise of giving them access to premium apps and premium in-app purchases, without paying a single cent. The app “iappstore” is supposed to give free access to premium apps, while “iappinbuy” is the app that supposedly gives access to premium in-app purchases. Both apps carry the KeyRaider signatures, however, and will only steal the users’ data.
Word to the wise: Nothing in this world is absolutely free. Respect begets respect, and if a user respects the developer’s rights to be fed for their work, hackers like “Mischa07” won’t succeed in stealing 225,000 user credentials. All of these were most likely enticed by the prospect of getting free apps. “Karma” wreaks havoc like a vengeful scorned woman, so if a mobile device user stays within lawful boundaries and pays for their apps like a good citizen or an appreciative user, they won’t be affected by such hack attacks as the KeyRaider.
2. Jul 15, 2021
This Is Why Android Is a Much Better Platform for People on a Budget
3. Jul 15, 2021
Using Customer Data To Enhance Mobile App Development
4. Jun 18, 2021
If Time Is Money, Here Is How to Reclaim Some of Yours
1. May 28, 2021
Workplace Upgrades and Investments to Consider in 2021
2. May 28, 2021
Nearly Invisible Gym: A Growing Tech Trend For Efficient At-Home Workouts
3. May 28, 2021
7 Ways IT Leaders Can Respond To Changes Post COVID-19
4. May 28, 2021
6 Ways Your Company Can Help People Return to Work Post-Pandemic in 2021