Home > News > Jailbroken iPhones Attacked By Worst Malware Ever

Jailbroken iPhones Attacked By Worst Malware Ever

Certain tweaks have exposed iOS to wholesale identity theft

mikey b
Jailbroken iPhones Attacked By Worst Malware Ever© 2017 Ydia

To date, KeyRaider has the distinction of causing the biggest account theft in iOS history.

Apple’s almost invincible iOS has many advantages. For instance, they just work a lot smoother in general compared to Androids. This is a fact. Also, malware is generally not a problem. However, when people jailbreak their phones, all kinds of unauthorized activities can be performed. This is a good thing for users in terms of available apps but it also presents a very real security problem.

WeipTech Discovery

The most recent malware to find itself in iPhones is now known as “KeyRaider.” This group of malware was uncovered by WeipTech, an amateur group of techie users of Weiphone, which is one of the largest Apple fan sites in China.

Palo Alto researchers, which worked with WeipTech on iOS and OS X malware AppBuyer and WireLurker,  also analyzed the data. They discovered that one tweak would collect user information and upload it to an unexpected website. The problem? The website has SQL injection vulnerability that grants access to all of the records. To date, KeyRaider has the distinction of causing the biggest account theft in iOS history.

KeyRaider hacked into 225,000 iDevices and stolen Apple ID usernames and passwords. But that is just the tip. Personal data like the iDevice’s unique identifiers, security certificates, and private keys for push notifications were also collected. Victims reported abnormal app purchase histories and ransomware where payment was demanded in exchange for control over their phones. 

Unlike other Cydia repositories like BigBoss and ModMyi, Weiphone provides private repository functionality.

KeyRaider Structure

What is interesting here is that the tweaks made to the jailbroken phones did not contain any malicious code. Instead, other malware in the wild would scour for personal information and send to the C2 server. This “family” of malware was then called KeyRaider as personal information would be raided wholesale instead of piece by piece.

It has been determined that the malware was distributed in Weiphone’s Cydia Repositories and that KeyRaider exploits the Cydia Substrate. Unlike other Cydia repositories like BigBoss and ModMyi, Weiphone provides private repository functionality. This means that users can directly upload their own apps and tweaks and share them with others.

Rapid7 Solution

The security firm Rapid7 recommends a 2FA or two-factor authentication on Apple iDevices to block malware. Gillaume Ross, senior security consultant in the firm, has this to say, “We highly recommend users who think they might have been impacted to change their Apple ID passwords. To protect accounts against password theft and increase account security in general, enabling two-step verification is an important action everyone using an Apple ID can perform.”

Comment

Related articles

Add to comparison
Compare
This page is currently only available in English.