A cybersecurity company found the largest known Apple account hack stemming from malware, affecting jailbroken devices. An online tool allows users to check whether they were affected.
The malware is dubbed "KeyRaider" and it compromised at least 225,000 Apple IDs and passwords, leading researchers to estimate that it's the largest malware-caused Apple account theft so far.
As Palo Alto Networks points out, the malware only affects jailbroken iPhones, iPads and iPod Touch devices, that is, devices modified to allow the installation of apps that bypass the App Store approval process.
Those who have jailbroken their device, downloaded certain tweaks and installed apps from outside the App Store may also have picked up this nasty piece of malware, which steals Apple IDs and passwords.
According to the researchers, the malware affected iOS users in at least 14 countries, including the U.S., the UK, China, France, Japan, Russia, Canada, Australia, Germany, Spain, Italy, Israel, South Korea and Singapore.
If there's a good part about all of this, it's that not all jailbroken devices are necessarily affected by the malware. KeyRaider affects users who have jailbroken their device and installed an app from a third-party China-based Cydia repository. Those who haven't installed such apps should be safe. Those who did install apps from that repository, however, reportedly found unusual activity in their Apple accounts. The malware can do a lot of damage, researchers warn.
Not only can it locally disable all unlocking operations, regardless of whether the user enters the right password or passcode, but it can also hold compromised devices for ransom. Using the stolen private key and certificate, the malware sends the ransom notification message directly to the device, without going through Apple's push server. According to researchers, this functionality makes some "rescue" solutions ineffective.
Security company WeipTech developed an online tool to help users find out whether they got the malware or not. If you have jailbroken your iOS device and worry that KeyRaider may have compromised your Apple account, use the WeipTech tool to know where you stand. The site is in Chinese, but if you use Google Translate you should be able to find your way around.