Hackers in China have compromised the Apple accounts of more than 225,000 iPhone users in what may be the largest such theft caused by malware.
The cybersecurity company Palo Alto Networks reported in a blog post that the hackers stole login names and passwords using a malicious software family dubbed “KeyRaider” that targets “jailbroken” iPhones. Most of the affected users are in China, but Palo Alto said the malware had shown up in 17 other countries.
“Jailbreaking” allows iPhone owners to access parts of a phone’s file systems that are otherwise restricted for security reasons. It is often used to download apps that are not available through the iTunes App Store.
Once installed on an iPhone, CNN said, the KeyRaider malware sends all of the phone owner’s iTunes App Store information to the hackers and steals information about App Store purchases.
“The purpose of this attack was to make it possible for users of two iOS jailbreak tweaks to download applications from the official App Store and make in-app purchases without actually paying,” Palo Alto Networks said.
The tweaks have been downloaded more than 20,000 times, the security firm said, which suggests around 20,000 users are abusing the stolen credentials. Some victims have reported that their stolen Apple accounts show abnormal app purchasing history and others state that their phones have been held for ransom.
The malware disables functionality that allows users to “unlock” their iPhones.
“This incident highlights the risk of jailbreaking devices: If you undermine the security that was designed and built into devices … you take on responsibility to secure your device from all sorts of risks,” Inc. columnist Joseph Steinberg warned.
TechCrunch said the malware was more of a concern in China, in part because many vendors there sell pre-jailbroken iPhones to customers. “Apple had a reported 885 million iTunes accounts as of a year ago, so 225,000 affected individuals is a very small percentage of Apple account holders,” the website noted.