Hackers using malicious software (malware) called KeyRaider have stolen Apple account details from over 225,000 users in 18 countries, including China, France, Russia, Japan, the United Kingdom, the United States, Canada, Germany, Australia, Israel, Italy, Spain, Singapore, and South Korea. KeyRaider allegedly targets jail-broken iOS devices and is distributed through third-party Cydia repositories in China.

Some victims have already seen fraudulent charges on their accounts as the criminals use account details to download premium apps for other devices. At least one user has seen their device locked and been presented with a ransom demand.

Security researchers have identified 92 samples of the malware family, which is reportedly the “largest known Apple account theft caused by malware.” The stolen accounts can be used for app promotion, spam and device unlocking, as well as fraud.

Analyst comment:

Pinkerton advises iPhone users to avoid jail-breaking their devices, to minimize the risk of falling victim to this attack, and to ensure that their operating systems are regularly updated. Users who see anomalous activity on their App Store accounts should immediately change their passwords and inform Apple security about the breach. Clients should ensure that credit card and other financial details are secure by contacting their bank. It is also best to avoid related hacking sites, to limit browsing to secure websites, and to use an effective mobile firewall.

While the overall number of infected systems is a very small fraction of total Apple users, even corporate iPhone users should have their devices checked by IT security to ensure that they have not been compromised by the malware. The malware is reportedly more widespread among Chinese users, and therefore Apple users in that country should be more cautious.

Published September 03, 2015