KeyRaider: More than 225,000 credentials stolen from jailbroken iPhones

Jailbroken iPhones may fall victim to malware that steals Apple account credentials and makes them available to two other pieces of software that can make purchases on the App Store without paying.

A family of malware was recently discovered that targets jailbroken iPhones and has collected the login credentials of more than 225,000 Apple accounts, in what is the largest compromise of Apple accounts caused by malware.

KeyRaider, as the malware family is named, is distributed through third-party repositories for Cydia, the "alternative" app store for jailbroken iPhones. The malicious code, surreptitiously hidden in Cydia apps, is causing problems for many users in China and at least 17 other countries, including Italy and most other European nations. In addition to stealing credentials, the malware has also disabled some phones until the user paid a ransom, and has made unauthorized charges on some victims' accounts.

The purpose of KeyRaider, the security researchers at Palo Alto Networks explain, is to serve two small pieces of software for jailbroken iOS devices that let their users download applications from Apple's App Store and make in-app purchases without paying, using credentials stolen from other users.

The information gathered by KeyRaider is uploaded to a command and control server and from there used to emulate the iTunes protocols in order to log in to Apple's servers and carry out the purchases. The two pieces of software have been downloaded about 20,000 times, suggesting that an equal number of users are abusing the 225,000 stolen credentials.

As if this were not enough, the command and control server to which KeyRaider uploads the stolen information is itself subject to an SQL injection vulnerability that allows third parties to access the server's contents.
