KeyRaider iOS Malware Affects Jailbroken iOS Devices

By   ISBuzz Team
Writer , Information Security Buzz | Sep 08, 2015 02:00 am PST

Guillaume Ross, Senior Security Consultant, Strategic Services, Rapid7 commented on the latest news that more than 225,000 Apple accounts have been stolen by sophisticated malware that targets modified iOS devices, according to Palo Alto Networks.

Guillaume Ross, Senior Security Consultant, Strategic Services, Rapid7:

“The KeyRaider iOS Malware discovered by WeipTech and researched in collaboration with Palo Alto Networks only affects jailbroken iOS devices. The malicious software was distributed on a specific repository for jailbroken iOS devices (Weiphone’s Cydia Repositories), and abused Cydia Substrate (formerly MobileSubstrate), a software package that is only used on jailbroken devices.

KeyRaider uploaded information from the devices, such as Apple ID usernames and passwords, device identifiers and encryption keys. By doing so, it allowed users of piracy-facilitating tools to install applications and in-app purchases for “free”, or more specifically, paid for through someone else’s Apple ID. Additional risks exist on the infected devices, as the running malware has the capability of holding data for ransom, and could in theory perform other actions as well.

Users who do not use a jailbroken device cannot be affected by this issue. While jailbreaking opens up the system to grant more freedom to the end user, it increases the risk of an iOS device being infected with malware, or attacked in other ways.

For users with jailbroken phones, Palo Alto Networks has provided instructions on how to verify whether a device is infected. Visit HERE.

We highly recommend that users who think they might have been impacted change their Apple ID passwords. To protect accounts against password theft and increase account security in general, enabling two-step verification is an important action that everyone using an Apple ID can perform.”

About Rapid7:

Rapid7 security data and analytics software and services help organizations reduce the risk of a breach, detect and investigate attacks, and build effective IT security programs. With comprehensive real-time data collection, advanced correlation, and insight into attacker techniques, Rapid7 strengthens an organization’s ability to defend against everything from opportunistic drive-by attacks to advanced threats. Unlike traditional vulnerability management and incident detection technologies, Rapid7 provides visibility, monitoring, and insight across assets and users from the endpoint to the cloud. Dedicated to solving the toughest security challenges, Rapid7 offers proprietary capabilities to spot intruders leveraging today’s #1 attack vector: compromised credentials. Rapid7 is trusted by more than 3,700 organizations across 90 countries, including 30% of the Fortune 1000.