Researchers at Palo Alto Networks and WeipTech have stumbled across a particularly nasty strain of iOS malware, now dubbed KeyRaider because it raids victims’ passwords, private keys and certificates. (Just like “Lurker” and “Reaper”, Raider is also a unit in Blizzard’s real-time strategy games.) The malware is believed to have been written to harvest device IDs from jailbroken Apple iOS devices. Although the strain has so far only been seen in the wild in one of the Chinese Cydia repositories, Weiphone, it’s believed to have successfully lifted 225,000 IDs, thousands of certificates, private keys, and iTunes and App Store receipts from infected devices!
It was first discovered when device owners noticed unauthorised purchases on their Apple accounts; it shows no signs of infection on the device itself.
Devices believed to be infected are in the following 8 countries: China, France, Russia, Japan, United Kingdom, United States, Canada, Germany, Australia, Israel, Italy, Spain, Singapore, and South Korea.
The malware uses MobileSubstrate to latch onto low-level system processes and then goes on to steal Apple account usernames, passwords and the device GUID when the device is hooked up to a computer and syncing with iTunes.
WeipTech go on to say that the idea behind the malware is to enable unscrupulous users to use stolen account credentials to make purchases in Apple’s online stores. It’s thought that over 20,000 users have already started abusing the 225,000 stolen credentials!
If you decide to jailbreak your phone, or have already done so, you need to ensure you only download packages from trusted repositories. Although this malware is currently only known to inhabit one repository, there’s a good chance that this or similar malware strains will spread to other Cydia repositories, especially if it proves as fruitful as it has to date.
There’s currently no way, besides user discretion, to protect against such iOS infections. This is largely because software is unable to perform background OS-level scans on iOS, which is unlikely to change in the near future.