‘Largest known hack’: Malware steals over 225k valid Apple accounts
The hack was discovered by security company Palo Alto Networks (PANW) along with Chinese tech group WeipTech.
The news is especially disturbing news for users who ‘jailbroke’ their devices to avoid Apple’s hardware security-based restrictions to customize their phones and access banned apps.
Nicknamed KeyRaider, it accesses iOS devices that used the popular jailbreak tool Cydia and uploaded all of the stolen information, including Apple account usernames, passwords and device GUID, to a separate command and control server.
It contains vulnerabilities that expose user information making it possible for other people to reach the stolen information, according to PANW.
“KeyRaider steals Apple push notification service certificates and private keys, steals and shares App Store purchasing information, and disables local and remote unlocking functionalities on iPhones and iPads,” the company said on its website.
Special software uploaded by hackers let other people use the victims’ accounts to purchase non-free iTunes apps for free.
“The fee will be paid by victims, but money will go to Apple and then partly to developers. Then developers share this income with attackers, as was the case with the AppBuyer malware,” PANW explained.
Over 20,000 people have downloaded the software that lets them steal from 225,941 iPhone owners.
“Some victims have reported that their stolen Apple accounts show abnormal app purchasing history and others state that their phones have been held for ransom,” PANW said.
Palo Alto Networks and WeipTech have provided services to detect the KeyRaider malware and identify stolen credentials.
The companies say KeyRaider may have targeted up to 18 countries including China, France, Russia, Japan, United Kingdom, United States, Canada, Germany, Australia, Israel, Italy, Spain, Singapore, and South Korea.
“We believe this to be the largest known Apple account theft caused by malware,” PANW said.