Only jailbroken devices are affected at the moment

Aug 31, 2015 14:30 GMT  ·  By

Today, August 31, iOS researchers from WeipTech and Palo Alto Networks discovered over 225,000 valid Apple accounts, including their passwords, stored on a server while they were analyzing various unusual iOS tweaks reported by users of jailbroken Apple devices.

The theft was possible because of a piece of iOS malware called "KeyRaider," which appears to be distributed in third-party Cydia repositories located on some servers in China. The hack works by hooking system processes through the MobileSubstrate component and intercepting network traffic via the iTunes software, stealing device GUID (Globally Unique Identifier) as well as Apple IDs and passwords.

Additionally, it looks like the KeyRaider iOS malware also steals purchasing information from your App Store account, as well as Apple push notification service private keys and certificates. According to the researchers, the stolen Apple accounts come from approximately 18 countries, including the United States, China, Japan, the United Kingdom, Russia, Australia, Israel, South Korea, Singapore, France, Canada, Germany, Spain, and Italy.

"In cooperation with WeipTech, we have identified 92 samples of a new iOS malware family in the wild. We have analyzed the samples to determine the author’s ultimate goal and have named this malware 'KeyRaider.' We believe this to be the largest known Apple account theft caused by malware," wrote the researchers in a blog post.

Thousands of purchasing receipts, private keys, and certificates have been stolen

In addition to the approximately 225,000 affected Apple accounts, the iOS malware has also managed to steal thousands of purchasing receipts, private keys, and certificates. KeyRaider is also capable of disabling remote and local unlocking functionalities on iPhone and iPad devices, as well as uploading the stolen information to a server located somewhere in China.

Once again, we remind users that the KeyRaider iOS malware affects only jailbroken devices. It is extremely important that you take action immediately: reinstall the latest iOS version from Apple, or follow the instructions provided by the Palo Alto Networks and WeipTech researchers at the end of their report. Because the latter option requires some technical knowledge, it is best to erase your device and reinstall iOS. Also, don't forget to change your Apple credentials immediately!
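The researchers' manual check amounts to looking through the MobileSubstrate tweak libraries on a jailbroken device for strings tied to the malicious tweaks. The script below is an added illustration of that kind of check, not code from the article or from the Palo Alto Networks / WeipTech report: it assumes the usual tweak directory `/Library/MobileSubstrate/DynamicLibraries`, and its `INDICATORS` list holds placeholder strings that must be replaced with the indicators published in the researchers' report. A throwaway sample directory is constructed so it can be run without a device.

```python
"""Scan a MobileSubstrate DynamicLibraries folder for tweak binaries that
contain known indicator strings.

Added example, not code from the KeyRaider report.  INDICATORS is a
placeholder list constructed for this script, not the researchers' real
strings; replace it with published indicators before real use.
"""
import os
import tempfile

# Default location of MobileSubstrate tweaks on a jailbroken device (assumption).
DEFAULT_DYLIB_DIR = "/Library/MobileSubstrate/DynamicLibraries"

# PLACEHOLDER indicator strings, constructed for this example only.
INDICATORS = [b"PLACEHOLDER_IOC_1", b"PLACEHOLDER_IOC_2"]


def scan_dylib(path, indicators=INDICATORS):
    """Return the indicator strings found in one binary, in list order."""
    with open(path, "rb") as fh:
        data = fh.read()
    return [ioc.decode() for ioc in indicators if ioc in data]


def scan_dylib_dir(directory=DEFAULT_DYLIB_DIR, indicators=INDICATORS):
    """Return {filename: [matched indicators]} for every .dylib that matches.

    A missing directory (device not jailbroken, or a different layout) yields
    an empty result rather than an exception so the check can run anywhere.
    """
    hits = {}
    if not os.path.isdir(directory):
        return hits
    for name in sorted(os.listdir(directory)):
        if not name.endswith(".dylib"):
            continue  # only tweak libraries are loaded by MobileSubstrate
        matched = scan_dylib(os.path.join(directory, name), indicators)
        if matched:
            hits[name] = matched
    return hits


def build_sample_dir():
    """Construct a temporary folder with one clean and one flagged dylib, plus
    a non-dylib file that must be ignored, so the scanner runs offline."""
    directory = tempfile.mkdtemp(prefix="substrate_")
    with open(os.path.join(directory, "clean.dylib"), "wb") as fh:
        fh.write(b"\xcf\xfa\xed\xfe" + b"ordinary tweak code")
    with open(os.path.join(directory, "suspect.dylib"), "wb") as fh:
        fh.write(b"\xcf\xfa\xed\xfe" + b"...PLACEHOLDER_IOC_1...")
    with open(os.path.join(directory, "notes.txt"), "wb") as fh:
        fh.write(b"PLACEHOLDER_IOC_2")  # not a .dylib, so it is skipped
    return directory


if __name__ == "__main__":
    sample = build_sample_dir()
    for dylib, iocs in scan_dylib_dir(sample).items():
        print(f"{dylib}: matched {', '.join(iocs)}")
    # On a device, call scan_dylib_dir() with no arguments to use DEFAULT_DYLIB_DIR.
```

A hit only means the library contains a known string; the remediation the article recommends (erase the device, reinstall iOS, change the Apple ID password) still applies regardless of what the scan finds.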