New iOS malware strain steals 225,000 Apple logons
‘KeyRaider’ responsible for ‘largest known Apple account theft caused by malware’, say researchers
Some 225,000 stolen Apple accounts credentials are being used to bypass payment walls on the App Store and inside third-party iOS apps, according to Palo Alto Networks' Unit 42 threat assessment division.
The credentials were found on a server by amateur Chinese tech team WeipTech, Unit 42 said in a blog post yesterday. Palo Alto's team began its own investigation, in co-operation with WeipTech.
"We believe this to be the largest known Apple account theft caused by malware," Unit 42 said.
The strain of malicious code responsible for stealing the credentials has been named "KeyRaider" by Palo Alto's researchers and the team said it had found 92 samples in the wild, all on jailbroken devices.
Most of the victims are based in China, with around half using email addresses provided by Tencent. But the iOS malware also affected users in France, Russia, Japan, the UK, the US, Canada, Germany, Australia, Italy, Spain, Singapore, and South Korea.
"KeyRaider targets jailbroken iOS devices and is distributed through third-party Cydia repositories in China," Unit 42 reported. "In total, it appears this threat may have impacted users from 18 countries."
Continues on next page>>