“KeyRaider” iOS malware has stolen 225,000 Apple accounts

JC Torres - Sep 1, 2015, 4:30 am CDT

It’s not every day that you hear about malware on iOS, so when the news does hit, it hits hard. And while there are mitigating factors that keep this malware from spreading too far, its effects can reach even innocent iPhone and iPad users. Nicknamed “KeyRaider”, this new family of iOS malware has harvested more than 225,000 valid Apple accounts. Its purpose? To let its users install apps from the App Store without paying a dime, at the expense of those whose accounts have been compromised.

KeyRaider gains access to Apple account user names, passwords, device IDs, security certificates, private keys, and purchasing information. All of these are used to power two jailbreak tweaks that let unscrupulous users get paid apps for free. Of course, it isn’t really free: the compromised account that is used to make the purchase is the one that gets charged, without the real owner’s consent. The jailbreak tweaks that draw on this stolen data have already been downloaded more than 20,000 times.

That might be just an inconvenience for some victims, but the malware’s capabilities don’t end at app purchases. The same account information could be used to hold the device itself for ransom by remotely controlling it through iCloud. Unlike most ransomware, however, it is almost impossible to regain control because KeyRaider can disable unlocking the device even when the correct passcode has been entered.

The one ray of hope in this otherwise frightening malware is that it can only target and affect jailbroken iOS devices, a practice that has largely fallen out of favor these days. Jailbreaking iPhones and iPads is a way to gain more control over the device and the OS, allowing users to perform actions that are not officially supported or even allowed. It does, however, weaken the security of the platform and, as this malware shows, puts users at risk.

SOURCE: Palo Alto Networks
