Stop Jailbreak! The New Virus Stole 225,000 Iphone Users' Data


09/01/2015

WeipTech and Palo Alto Network discovered the theft of 225 thousand Apple ID accounts. The attackers used a virus that steals data of users, who opened access to the file system iOS-devices by jailbreak.



It turned out that part of the third-party utilities for iOS kept accounts, and then sent them to a remote server. The researchers found that 92 malicious programs was created. The vulnerability is named KeyRaider.

People of 18 countries were affected by the hackers. Most of them live in China, also the list of the inhabitants includes Russia, UK, USA, Canada, Germany, France, Italy and Spain.

As specified in the study of WeipTech and Palo Alto Networks, the attackers have already used the data obtained: they either demanded ransom for the account or users’ billing information used to make purchases in App Store. The hackers gained access to the push-notifications certificates and control over the process of unlocking the smartphone.

Many users are still running jailbreak to empower their Apple mobile devices, despite of the manufacturer's recent attempts to extend the functionality of iOS. The improvement using jailbreak suggests increased risk in terms of privacy, kept on smartphones and tablets.
 
According to experts, the KeyRaider malware is distributed via Cydia extensions and tweaks storage. This virus sends all information found: passwords, usernames, and other private keys on the intruders’ server, which is also quite vulnerable, and this was used by Weiptech programmers. Thanks to them, a significant portion of the stolen information, which is owned by different users from more than 18 countries, have been returned. Also, the studio has created a unique portal where jailbroken iPhone owners can find out whether they are included in the number of KeyRaider victims.

source: computerworld.com