Users running Apple’s iOS software may have been exposed to a nasty piece of malware which threatens to steal user data and make unauthorized app purchases.

This malicious software has been dubbed ‘KeyRaider’ and has been responsible for uploading sensitive user information to a central server. This type of data theft is alarming enough, but affected users are also having to contend with KeyRaider purchasing apps without authorization.

The KeyRaider infection, so far, only appears to affect Apple devices which have gone through the ‘jailbreak’ process, but up to 225,000 accounts have been compromised as a result.

How did KeyRaider Start?

Jailbreaking an Apple device involves removing hardware restrictions enforced by iOS and is a fairly common practice among tech-savvy Apple users. The aim of jailbreaking is to give the user more control over how the device runs and to enhance its functionality.

Now, a whole industry has sprung up around jailbreaking in order to really highlight what an Apple device can do and to show off developers’ coding skills. And at least one amateur developer has decided to exploit this desire by creating jailbreak tweaks which hide a nasty surprise.

Once these tweaks are installed on an Apple device, the system becomes compromised and the user is put at risk of a serious breach of their security.

The Malicious Tweaks in Full

Two jailbreak tweaks in particular have been identified as putting users at risk of contracting the KeyRaider malware:

  • iappstore – This jailbreak tweak promises to allow jailbroken devices to download paid apps from the App Store without spending a single cent.
  • iappinbuy – Many apps require users to make in-app purchases to enhance the app’s experience, e.g. unlocking extra features in games. This particular tweak pledges to circumvent the payment.

Despite many Apple users doubting the authenticity of these tweaks, they were downloaded over 20,000 times. And every single download puts users’ personal data at risk.

What Type of Data Is Being Stolen?

KeyRaider appears to be stealing three types of data from users under the following categories:

  • Usernames, passwords and the Apple device’s ‘global unique identifier’
  • Push notification service certificates and private keys
  • App Store purchase logs

These three forms of data carry very powerful user information, which is why KeyRaider is creating high levels of panic, particularly because of the financial risk.

How to Protect your Apple Device

The simplest piece of advice we can give you is NOT to jailbreak your Apple device. They’re pretty amazing bits of kit as they are, so some things are better off left alone. However, I appreciate that many people want that little bit extra, so we advise the following:

  • Do NOT download the iappstore or iappinbuy app.
  • Avoid downloading anything from Cydia Substrate, which is like the App Store but for jailbroken devices – this is where the malicious tweaks first surfaced.
  • If something sounds too good to be true – such as not paying for paid apps – then it probably isn’t worth installing.

By following this advice you will safeguard your Apple device from disruptive malware such as KeyRaider.