Hackers Stole 1/4 Million Apple Accounts with iOS Malware (Only affects Jailbroken devices)

JordanWearinThe45

Think twice before jailbreaking your iPhone. A recent rash of malware has helped hackers steal over 250,000 Apple accounts, the largest theft of its kind. The malware only affects jailbroken devices, but if you get pwned, hackers can not only peek at your password but also make App Store purchases without your permission.

The research team at Palo Alto Networks is calling this scary new iOS malware KeyRaider. It works through the wildly popular Cydia app, which makes it easier to download and manage apps on jailbroken iPhones. Once a user’s been compromised, the malware starts intercepting iTunes traffic and hijacking all kinds of data. According to Palo Alto Networks, “KeyRaider steals Apple push notification service certificates and private keys, steals and shares App Store purchasing information, and disables local and remote unlocking functionalities on iPhones and iPads.”

Weird App Store behavior is actually how the malware was first discovered. After seeing multiple reports of unauthorized App Store purchases, a student from Yangzhou University in China looked at the jailbreak tweaks the affected users had installed and noticed that one tweak was uploading user data to a mysterious database. After gaining access, they found over 250,000 entries that turned out to be Apple accounts, including passwords and other credentials. Palo Alto Networks did further research and found that the tweaks were designed to help users download non-free apps and make in-app purchases without paying.

It gets worse. While it’s unnerving to realize that a hacker can buy apps with an unsuspecting user’s account, KeyRaider can also be used to remotely lock a device and hold it for ransom. Palo Alto Networks explains:

It can locally disable any kind of unlocking operations, whether the correct passcode or password has been entered. Also, it can send a notification message demanding a ransom directly using the stolen certificate and private key, without going through Apple’s push server. Because of this functionality, some of the previously used “rescue” methods are no longer effective.

This malware has infected a lot of users, but again, it only works on jailbroken phones. (Most of the affected users also appear to be located in China.) So if you haven’t jailbroken your iPhone, you should be fine. Let this serve as yet another warning that jailbreaking your phone might make it fun to change around your app icons or install bootleg apps or whatever. But it’s also a great way to expose yourself to malware. Beware.

Hackers Stole the Biggest Number of Apple Accounts Ever with iOS Malware

:merchant:
 

detroitwalt

a student from Yangzhou University in China looked at the jailbreak tweaks the affected users had installed and noticed that one tweak was uploading user data to a mysterious database. After gaining access, they found over 250,000 entries that turned out to be Apple accounts, including passwords and other credentials. Palo Alto Networks did further research and found that the tweaks were designed to help users download non-free apps and make in-app purchases without paying.
Long as you not trying to get apps for free you're good. They should have named the tweak responsible so people know not to install it.
 

blackestofpanthers

My brother got the newest Galaxy S, I think S5? While working out today his iPod fell out his pocket :dead: I was like damn man you was just talkin about my iPhone an hour ago and you need 2 devices to do what I do on one :laff:
What was the point of your post? I'm lost
It might be because I'm drunk or maybe your story is dumb
 

winb83

My brother got the newest Galaxy S, I think S5? While working out today his iPod fell out his pocket :dead: I was like damn man you was just talkin about my iPhone an hour ago and you need 2 devices to do what I do on one :laff:
As an owner of the iPhone 6 and the Galaxy S6, unless you have an Android megaphone like a Note, your battery life is gonna be so poor on a standard Android device you're better off carrying multiple devices.
 