
Largest Apple account theft ever discovered – how to tell if you’re affected

Published Aug 31st, 2015 10:30AM EDT
Image: iPhone Jailbreak KeyRaider Malware (Screenshot / YouTube)


Apple’s walled iOS garden is more resistant to malware than Android, though there are still malware apps that can take advantage of Apple’s mobile operating system.

A security company found what’s believed to be the largest known Apple account theft caused by malware, and an online tool that can help you check whether you were affected already exists.


The first thing you need to know about this malware threat is that it affected just over 225,000 accounts originating from 18 countries, including China, France, Russia, Japan, the United Kingdom, the United States, Canada, Germany, Australia, Israel, Italy, Spain, Singapore, and South Korea.

Furthermore, only jailbroken devices were affected, Palo Alto Networks reports, which means your Apple account is likely fine if you haven’t jailbroken any iOS device lately.

Even if you have jailbroken your device, the malware – called KeyRaider – needs you to install an app from a third-party Cydia repository, and it’s likely many of you haven’t done that either.

However, a select group of people who installed these apps discovered unusual activity in their Apple accounts.

The malware app steals Apple credentials and GUIDs and then uses the data in combination with other tricks – such as stealing Apple push notification service certificates and private keys, disabling local and remote unlocking functionality, and sharing App Store purchasing information – to let others download premium App Store content for free, including in-app purchases, on other devices.

The scary part is that the malware tool can be used to hold affected devices for ransom.

“It can locally disable any kind of unlocking operations, whether the correct passcode or password has been entered,” the researchers wrote. “Also, it can send a notification message demanding a ransom directly using the stolen certificate and private key, without going through Apple’s push server. Because of this functionality, some of the previously used ‘rescue’ methods are no longer effective.” At least one user has been targeted in such a manner.

The unusual behavior of these malware apps was discovered in July, and researchers have been able to hack into the malware creators’ server, collect data and reverse-engineer the jailbreak tweak in order to describe how it works and warn potential victims.

In case you think you might be one of the 225,000 people affected by the hack, you can use this site (it’s in Chinese, so use Google Translate) to see if your jailbroken device has been compromised.

More details about the malware program are available at this link.

Chris Smith Senior Writer
