Security firm Palo Alto Networks announced over the weekend that a new form of malware, dubbed “KeyRaider,” has allowed hackers to steal account information from more than 225,000 Apple account holders.
“We believe this to be the largest known Apple account theft caused by malware,” read a statement posted by the company on Aug. 30.
Malware is a term referring to any software intended to damage or otherwise nefariously affect a computer system. In this case, the software sends ID information to hackers who can use it to make fraudulent media and app purchases, grab security certificates (which could lead to wider Apple Pay access), and even lock owners out of their own devices. Some users have had their iPhones and iPads held for ransom.
A practice called jailbreaking — users circumventing built-in security measures in order to personalize their devices and add unsupported features — appears to have made it possible for the malware to accomplish these goals.
According to the Palo Alto Networks investigation, the malware is distributed via Chinese Cydia repositories; Cydia is an application that helps users find and install packages on jailbroken devices. The threat may have stretched to as many as 18 countries, including Australia, Canada, China, France, Germany, Italy, Singapore, South Korea, the United Kingdom, and the United States.
Finding Out If You’ve Been Affected
Malware in itself is not uncommon; a 2013 study concluded that there are an average of 82,000 new malware threats every single day. But threats against Apple operating systems are much rarer than threats targeting Android and Microsoft systems — a fact which often lures Apple users into a false sense of security.
Palo Alto Networks has made clear that KeyRaider can only target jailbroken phones, so users who haven’t taken this step have nothing to worry about.
Owners of jailbroken devices can determine if they have been infected by installing the OpenSSH server through Cydia, connecting to their device, and looking in the /Library/MobileSubstrate/
It’s also wise for Apple ID account holders to change their passwords and enable two-factor verification in order to prevent future thefts.