
OldSchoolMacGuy (original poster):
Researchers from Palo Alto Networks and WeipTech have unearthed a scheme that resulted in the largest known Apple account theft caused by malware. All in all, some 225,000 valid Apple accounts have been compromised. The theft is executed via variants of the KeyRaider iOS malware, which targets jailbroken iOS devices. Most of the victims are Chinese — the malware is distributed through third-party Cydia repositories in China — but users in other countries have also been affected (European countries, the U.S., Australia, South Korea, and so on).

"The malware hooks system processes through MobileSubstrate, and steals Apple account usernames, passwords and device GUID by intercepting iTunes traffic on the device," Palo Alto researcher Claud Xiao explained. "KeyRaider steals Apple push notification service certificates and private keys, steals and shares App Store purchasing information, and disables local and remote unlocking functionalities on iPhones and iPads."

http://www.net-security.org/malware_news.php?id=3089
 
The key point here (IMO)…

The stolen information is stored on a C&C server that the researchers have managed to access. It's used by users of two iOS jailbreak tweaks (iappstore and iappinbuy) to download apps from Apple's App Store and to perform in-app purchases - all for free.
So, in other words, if you got those tweaks in order to avoid legitimately paying for apps from the App Store (i.e., pirating), you've been compromised.
 
Uhm yeah. So Apple now knows exactly who's been stealing from them.

Apple has been informed of the matter, and has been given the stolen account information - hopefully they are contacting affected users to let them know they should change their passwords and purge their devices, but who knows? The company isn't a fan of jailbreaking.
 
If you compromise a device's security, anything can happen.

A newly discovered malware family that preys on jailbroken iPhones has collected login credentials for more than 225,000 Apple accounts, making it one of the largest Apple account compromises to be caused by malware.

KeyRaider, as the malware family has been dubbed, is distributed through a third-party repository of Cydia, which markets itself as an alternative to Apple's official App Store. Malicious code surreptitiously included with Cydia apps is creating problems for people in China and at least 17 other countries, including France, Russia, Japan, and the UK. Not only has it pilfered account data for 225,941 Apple accounts, it has also disabled some infected phones until users pay a ransom, and it has made unauthorized charges against some victims' accounts.

Researchers with Palo Alto Networks worked with members of the Chinese iPhone community Weiphone after members found the unauthorized charges. In a blog post published Sunday, the Palo Alto Networks researchers wrote:
http://arstechnica.com/security/201...rstechnica/index+(Ars+Technica+-+All+content)
 
Nice. I guess this is what happens when you try and game the system. It's sad that so many jailbreakers jailbreak to try to do this. I feel like 225,000 is more than a negligible fraction of the jailbreak community.
 
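As an added example (not from the thread or from the Palo Alto Networks researchers), here is a Python check a jailbroken-device owner could run over Cydia's dpkg package database to see whether the two tweaks the thread names as consumers of the stolen credentials are installed. The status file path is an assumption and the sample entries are constructed.

```python
import re

# Jailbreak tweaks the thread names as users of the stolen account data
# (the only package names the thread provides; indicators, not proof).
SUSPECT_PACKAGES = {"iappstore", "iappinbuy"}

# Constructed sample of a dpkg "status" file, the package database Cydia
# manages on a jailbroken device (assumed path: /private/var/lib/dpkg/status).
SAMPLE_STATUS = """\
Package: mobilesubstrate
Status: install ok installed
Version: 0.9.6101
Description: Powerful code insertion platform

Package: iappinbuy
Status: install ok installed
Version: 1.0-1
Description: constructed sample entry

Package: sbsettings
Status: deinstall ok config-files
Version: 5.1

Package: iappstore
Status: install ok installed
Version: 2.0
"""

def parse_dpkg_status(text):
    """Split a dpkg status file into a list of {field: value} stanzas."""
    stanzas = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = {}
        for line in block.splitlines():
            # Continuation lines (multi-line descriptions) start with a space.
            if ":" in line and not line.startswith(" "):
                key, _, value = line.partition(":")
                fields[key.strip().lower()] = value.strip()
        if fields:
            stanzas.append(fields)
    return stanzas

def find_suspect_packages(text, suspects=SUSPECT_PACKAGES):
    """Return names of suspect packages whose dpkg state is 'installed'."""
    hits = []
    for pkg in parse_dpkg_status(text):
        installed = pkg.get("status", "").endswith(" installed")
        if pkg.get("package", "").lower() in suspects and installed:
            hits.append(pkg["package"])
    return sorted(hits)

if __name__ == "__main__":
    found = find_suspect_packages(SAMPLE_STATUS)
    print("suspect tweaks installed:", found or "none")
```

A hit means the Apple ID used on that device should be treated as exposed (change the password) regardless of whether the tweak was ever run.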
So if I don't use those two tweaks I'm safe?
No.

You might be compromised already by some other tweak or hack. You just don't know it. Yet.

Edit: Is it just me, or is something in this new forum software not saving edits/updates?
 
No.

You might be compromised already by some other tweak or hack. You just don't know it. Yet.

Exactly. How do you know any of the stuff you've installed on a jailbroken device isn't compromised? You don't. There's little safeguard keeping you from installing anything malicious without your knowledge.
 
Edit: Is it just me, or is something in this new forum software not saving edits/updates?
You have to wait a little bit between edits for the cache to catch up.

I've had that experience and waiting a little was the solution.
 
Exactly. How do you know any of the stuff you've installed on a jailbroken device isn't compromised? You don't. There's little safeguard keeping you from installing anything malicious without your knowledge.
While there is never a guarantee, there is a difference between staying as safe as you can (default/well-known repos, tweaks and apps) and willy-nilly going out and installing something like this.

I mean really! Is ANYONE actually surprised by this? If you are, then I doubt the sincerity you take to the security of your jailbreak.
 
If you use tweaks and apps that let you pirate stuff for free you get what you deserve.

These people wouldn't have been compromised if they hadn't been trying to avoid paying for things.

Not all jailbreakers do it to get **** for free. Stop generalizing.

I do it to customize my phone the way I want. It's no secret that a factory iPhone is boring as all hell.
 
Not all jailbreakers do it to get **** for free. Stop generalizing like you know what you're talking about.

I and many other jailbreakers do it to customize our phones the way we want. It's no secret that a factory iPhone is boring as all hell.
You misunderstand me.

I am not anti-jailbreaking. This post is in the JB forum. I've jailbroken every phone I've had since I got a 3GS in late 2011. My iPhone 5 was jailbroken on iOS 6 and 7 and is currently jailbroken on iOS 8.3.

My iPhone 6+ was jailbroken on 8.1.2 in the first hour I owned it. As I type this I am loading Cydia.

It seemed to me that the original post was anti-jailbreak in that the title of the article seems to imply that the actual act of jailbreaking was what compromised these people and not their illicit activities.

I pay for my tweaks and apps and my apps in the app store. Which is why I've noted here that those who've been compromised were using tweaks that let them get all that for free.

My argument isn't anti-jailbreak, my argument is anti-stupid.
 
Not all jailbreakers do it to get **** for free. Stop generalizing.

I do it to customize my phone the way I want. It's no secret that a factory iPhone is boring as all hell.

If I'm not mistaken, eyoungren is jailbroken, so I think you may have taken what he said the wrong way. I think what he means is that if you jailbreak and stick to the well-known tweaks you should be okay, but if you're getting repos from here, there and anywhere, you're asking for trouble.

Edit: shouldn't have stopped typing to get that coffee.
 
If I'm not mistaken, eyoungren is jailbroken, so I think you may have taken what he said the wrong way. I think what he means is that if you jailbreak and stick to the well-known tweaks you should be okay, but if you're getting repos from here, there and anywhere, you're asking for trouble.

Edit: shouldn't have stopped typing to get that coffee.
That's exactly what I mean.

I jailbreak because I want to theme my phone the way I want, not to rip off devs and the app store.
 
Paid hack or not... you all have been compromised.
Is that remark intended to make us afraid, intimidated, remorseful, scared or otherwise running to DFU restore our iPhones?

Because if it is…well, you've posted in the jailbreak forums. And I have no intention of unjailbreaking just because of your comment. If you're right, then I will continue to be compromised and jailbroken if I want to, and nothing further you have to say is going to change that.
 
This is why I stopped jailbreaking years ago.
 
Is that remark intended to make us afraid, intimidated, remorseful, scared or otherwise running to DFU restore our iPhones?

Because if it is…well, you've posted in the jailbreak forums. And I have no intention of unjailbreaking just because of your comment. If you're right, then I will continue to be compromised and jailbroken if I want to, and nothing further you have to say is going to change that.
I am not gonna stop you, nor do I care. I'm just stating that you all have been compromised. What's so bad about that?
 