Jailbroken iDevice owners who have KeyRaider malware installed on their devices can now get rid of it.
KeyRaider affects iOS devices, especially iPhones. Through the malware, hackers can steal data as well as login information. They can lock an iDevice and demand a ransom from the owner to have it unlocked.
The malware was found by cybersecurity firm Palo Alto Networks in August. It is said to have stolen the data of more than 225,000 iDevice owners, and some market experts believe that KeyRaider is the most damaging malware for iDevices.
Apple has strict security features on its iPads and iPhones. However, these security features are compromised when a device is jailbroken. KeyRaider has affected only jailbroken devices, and researchers suggest that the malware has been reported in about 18 countries, including the U.S., UK, Canada, China, Japan, Russia, Singapore, France, Australia, Spain, Germany, Israel, Italy, and South Korea, among others.
"KeyRaider targets jailbroken iOS devices and is distributed through third-party Cydia repositories in China," stated Palo Alto Networks. "KeyRaider steals Apple push notification service certificates and private keys, steals and shares App Store purchasing information, and disables local and remote unlocking functionalities on iPhones and iPads."
Many owners of jailbroken iDevices will be worried about whether they are at risk. A Reddit user by the name of Flu17 has, however, found a way to eliminate the threat arising from KeyRaider. Here are the steps that can be followed to fix a compromised device:
Step 1: Users should search Cydia for Filza File Manager then install it.
Step 2: Once the app has been installed, users will have to launch it and navigate to /Library/MobileSubstrate/DynamicLibraries/.
Step 3: Files ending with .dylib should be selected and opened.
Step 4: Once the file is opened, users will see many hex codes. Using the search bar, users should search for the following keywords: wushidou, gotoip4, bamu and getHanzi.
Step 5: If any of the above keywords are mentioned, then the device is infected by KeyRaider. Users will have to delete these files along with their corresponding .plist file with the same name to get rid of the threat.
These steps should be performed for all .dylib files in that directory. After deleting all necessary files, users will have to reboot their device to complete the procedure.
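The keyword check in Steps 2 to 5 can also be scripted. The following is an added example, not code from Flu17 or Palo Alto Networks; it assumes Python is available and that the directory is readable, either on the device or in a copy of its filesystem. The function names and the sample files are constructed for illustration.

```python
import sys
import tempfile
from pathlib import Path

# Keywords from Step 4 of the article, matched as raw bytes.
KEYWORDS = (b"wushidou", b"gotoip4", b"bamu", b"getHanzi")
# Directory from Step 2; pass a different root to scan a copied filesystem.
DEFAULT_DIR = "/Library/MobileSubstrate/DynamicLibraries"


def scan_dylibs(directory=DEFAULT_DIR):
    """Map each flagged .dylib to the keywords found and its same-name .plist."""
    findings = {}
    for path in sorted(Path(directory).glob("*.dylib")):
        if not path.is_file():          # skip directories and broken symlinks
            continue
        data = path.read_bytes()
        hits = [kw.decode() for kw in KEYWORDS if kw in data]
        if hits:
            plist = path.with_suffix(".plist")
            findings[path.name] = {
                "keywords": hits,
                "plist": plist.name if plist.is_file() else None,
            }
    return findings


def make_sample_dir(root):
    """Write constructed sample files (not real malware) for a dry run."""
    root = Path(root)
    (root / "Flagged.dylib").write_bytes(b"\xcf\xfa\xed\xfe\x00getHanzi\x00wushidou\x00")
    (root / "Flagged.plist").write_bytes(b"<plist/>")
    (root / "Clean.dylib").write_bytes(b"\xcf\xfa\xed\xfe\x00harmless\x00")
    (root / "Clean.plist").write_bytes(b"<plist/>")
    (root / "NoPlist.dylib").write_bytes(b"\x00gotoip4\x00")
    return root


if __name__ == "__main__":
    # With no argument, run against constructed samples instead of a real device.
    if len(sys.argv) > 1:
        results = scan_dylibs(sys.argv[1])
    else:
        with tempfile.TemporaryDirectory() as tmp:
            results = scan_dylibs(make_sample_dir(tmp))
    for name, info in results.items():
        print(f"{name}: matched {', '.join(info['keywords'])}; plist: {info['plist']}")
    print(f"{len(results)} file(s) flagged; nothing was deleted")
```

The script only reports matches. A short keyword such as bamu can appear by chance in an unrelated binary, so each flagged file is worth a look before it and its .plist are deleted as in Step 5.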