Got a jailbroken iPhone with the Cydia app store installed? Better watch out. Approximately 225,000 Apple accounts have been stolen by malware hidden in untrusted Cydia repositories. The malware and the account information were discovered by researchers from Palo Alto Networks, with help from WeipTech, a group of technically-minded enthusiasts. Palo Alto Networks believes this is the largest theft of Apple accounts ever caused by malware.
The researchers call the malware family KeyRaider, and they've uncovered 92 variants of the bad apps. As far as the team can tell, KeyRaider only spreads through Cydia repositories from Weiphone, one of the largest Apple fan websites in China, though the team doesn't discount the possibility that KeyRaider software could be present in other untrusted repositories, as well. Unlike other Cydia sources, Weiphone allows registered users to create private repositories where they can upload their own apps and "tweaks."
The harvested account information is bundled into tweaks that allow other users to make illicit App Store and in-app purchases. The research team reports that these tweaks have been downloaded over 20,000 times, suggesting that many are abusing the stolen credentials. Most victims report unauthorized App Store purchases on their accounts, while others have had their phones held for ransom, as KeyRaider can also disable both local and remote unlocking functionality on iOS devices. Chinese users aren't the only ones affected, either—the account cache also contains login information belonging to users in 17 other countries.
WeipTech has a website where users can check if their Apple accounts were stolen, and Palo Alto Networks disclosed the account information to Apple on August 26. Users can also manually check their jailbroken devices using a process described at the bottom of this page.