More than 225,000 iPhones have been hacked by Chinese malware that allowed a third party to obtain usernames, passwords, and other sensitive information. The hack specifically affects jailbroken iPhones that were used to download apps from an unofficial app repository. While most of the affected phones were also Chinese, information recovered in the investigation of the hack indicates that there are infected handsets in Europe and North America as well.
According to a report issued by information security firm Palo Alto Networks, the widespread iPhone hack came to light after users of the Chinese iPhone enthusiast site Weiphone notified amateur technical group WeipTech of suspicious activity linked to apps that promised iOS tweaks. WeipTech contacted Palo Alto Networks, and the ensuing investigation uncovered what the security firm has called, “the largest known Apple account theft caused by malware.”
Unit 42 analyzes KeyRaider, which our researchers believe is the largest known Apple account theft caused by malware http://t.co/xS2txE8b5B
— Palo Alto Networks (@PaloAltoNtwks) August 31, 2015
The malicious software, known as KeyRaider, is designed to intercept sensitive account information and transmit it to a third-party website. The hack is said to have obtained more than 225,000 iTunes usernames and passwords, some of which were then used to make unauthorized purchases.
Palo Alto Networks indicated that a second app, designed to let users install paid apps for free using the stolen credentials, was also uncovered. That app has been installed some 20,000 times, which suggests that roughly 20,000 people have taken advantage of KeyRaider’s victims.
Other victims have reported that KeyRaider was used to hold their phones for ransom. Unlike previous instances of iOS devices being held hostage, KeyRaider does not make use of iCloud. According to Palo Alto Networks, that means the malicious code is able to “locally disable any kind of unlocking operations, whether the correct passcode or password has been entered.” This renders some earlier remedies, such as resetting the iCloud account, totally ineffective.
Only some of the 225,000 hacked iPhones have been subject to ransom demands, but even users with functioning handsets have their work cut out for them in removing the malware. For those with jailbroken phones, Palo Alto Networks tweeted a resource for determining whether a handset is infected.
For iPhone owners located outside China, the good news is that you probably don’t have to worry about this specific attack. Although 225,000 iPhones were hacked by KeyRaider, they were all jailbroken and they all obtained apps from a third-party Cydia repository in China.
With more than 225,000 iPhones hacked through this single piece of malicious code, the episode underscores that while iPhones are generally secure devices, jailbreaking can throw the door wide open to all manner of bad things.
Ryan Olson, a researcher at Palo Alto Networks, told Wired that the built-in restrictions of iOS protect most users from malware like KeyRaider. However, jailbreaking changes the equation.
“The average iPhone user hasn’t jailbroken their phone. If you’ve jailbroken your phone, you should worry about KeyRaider and a lot of other threats like it.”
KeyRaider may have only infected Chinese iPhones, and it may have only been spread via a third-party Cydia repository, but the next iteration of this new iOS malware family could strike a totally different demographic.
The grass can look mighty green outside of Apple’s walled garden, but with 225,000 iPhones hacked in one attack, is it really worth losing control of your iTunes account or having your phone held for ransom?
[Photo by Justin Sullivan / Getty Images News]