An American network security company based in California says that more than 225,000 Apple accounts and passwords have been stolen.
The company, Palo Alto Networks, along with WeipTech, found the privacy breach while analyzing suspicious Apple iOS tweaks reported by users. The accounts and passwords were stored on a server, and the incident is believed to be the largest known Apple account theft caused by malware.
The malware, named “KeyRaider”, targets jailbroken iOS devices and is distributed through third-party repositories in China. According to the company, the threat impacted users from 18 countries including Canada, United States, United Kingdom, China, France, Russia, Japan, and Australia.
KeyRaider steals Apple push notification service certificates and private keys, steals and shares App Store purchasing information, and disables local and remote unlocking functionalities on iPhones and iPads. KeyRaider has successfully stolen over 225,000 valid Apple accounts and thousands of certificates, private keys, and purchasing receipts. The malware uploads stolen data to its command and control (C2) server, which itself contains vulnerabilities that expose user information.
“The purpose of this attack was to make it possible for users of two iOS jailbreak tweaks to download applications from the official App Store and make in-app purchases without actually paying. Jailbreak tweaks are software packages that allow users to perform actions that aren’t typically possible on iOS,” said Palo Alto in a statement. “These two tweaks will hijack app purchase requests, download stolen accounts or purchase receipts from the C2 server, then emulate the iTunes protocol to log in to Apple’s server and purchase apps or other items requested by users. The tweaks have been downloaded over 20,000 times, which suggests around 20,000 users are abusing the 225,000 stolen credentials.”
Some victims of the hack have reported that their Apple accounts show abnormal app purchases, while others say their phones have been held for ransom. The malware was first reported in July 2015.