A security company has found what is believed to be the largest known theft of Apple accounts caused by malware, and it has developed an online tool that lets you check whether your account was affected.
The first thing you need to know about this malware threat is that it affected just over 225,000 accounts originating from 18 countries including China, France, Russia, Japan, United Kingdom, United States, Canada, Germany, Australia, Israel, Italy, Spain, Singapore, and South Korea.
Even if you have jailbroken your device, the malware (named KeyRaider) still requires you to install an app from a third-party Cydia repository, and it is likely that many of you have not done that either.
However, a select group of people who installed these apps discovered unusual activity in their Apple accounts.
The malware app steals Apple credentials and GUIDs and then uses the data in combination with other tricks (such as stealing Apple push notification service certificates and private keys, disabling local and remote unlocking functionality, and sharing App Store purchasing information) to let others download premium App Store content for free, including in-app purchases, on other devices.
The scary part is that the malware tool can be used to hold affected devices for ransom.
“It can locally disable any kind of unlocking operations, whether the correct passcode or password has been entered,” the researchers wrote. “Also, it can send a notification message demanding a ransom directly using the stolen certificate and private key, without going through Apple’s push server. Because of this functionality, some of previously used ‘rescue’ methods are no longer effective.” At least one user has been targeted in such a manner.
The unusual behavior of these malware apps was discovered in July, and researchers have been able to hack into the malware creators’ server, collect data and reverse-engineer the jailbreak tweak in order to describe how it works and warn potential victims.
In case you think you might be one of the 225,000 people affected by the hack, you can use this site (it’s in Chinese, so use Google Translate) to see if your jailbroken device has been compromised.
More details about the malware program are available at this link.