Guillaume Ross, Senior Security Consultant, Strategic Services, Rapid7 commented on the latest news that more than 225,000 Apple accounts have been stolen by sophisticated malware that targets modified iOS devices, according to Palo Alto Networks.
[su_note note_color=”#ffffcc” text_color=”#00000″]Guillaume Ross, Senior Security Consultant, Strategic Services, Rapid7 :
“The KeyRaider iOS Malware discovered by WeipTech and researched in collaboration with Palo Alto Networks only affects jailbroken iOS devices. The malicious software was distributed on a specific repository for jailbroken iOS devices (Weiphone’s Cydia Repositories), and abused Cydia Substrate (formerly MobileSubstrate), a software package that is only used on jailbroken devices.
KeyRaider uploaded information from the devices, such as Apple ID usernames and passwords, device identifiers and encryption keys. By doing so, it allowed users of piracy facilitating tools to install applications and in-app purchases for “free”, or more specifically; paid through someone else’s Apple ID. Additional risks exist on the infected devices, as the malware running has capabilities of holding data for ransom, and could in theory perform other actions as well.
Users who do not use a jailbroken device can not be affected by this issue. While jailbreaking opens up the system to grant more freedom to the end user, it increases the risk of an iOS device being infected with malware, or attacked in other ways.
For users with jailbroken phones, Palo Alto Networks has provided instructions on how to verify if a device is infected, Visit HERE.
We highly recommend that users who think they might have been impacted change their Apple ID passwords. To protect accounts against password theft and increase account security in general, enabling two-step verification