Photo (cc) by Yutaka Tsutano
Malicious software dubbed KeyRaider is helping hackers steal iPhone account usernames and passwords.
With more than 225,000 accounts affected so far, Palo Alto Networks believes this is “the largest known Apple account theft caused by malware,” the security company reports in a blog post:
Some victims have reported that their stolen Apple accounts show abnormal app purchasing history and others state that their phones have been held for ransom.
KeyRaider was discovered by an amateur Chinese tech group called WeipTech, which is working with Palo Alto Networks.
The good news is that this malware only affects iPhones that have been “jailbroken.” Jailbreaking a smartphone allows a person to access parts of its operating system (in this case, Apple’s iOS operating system) that are otherwise restricted.
KeyRaider targets iPhones that have been jailbroken specifically for the purpose of downloading apps from Apple’s App Store and making app-related purchases without actually paying for them, according to Palo Alto Networks.
The security company advises:
Our primary suggestion for those who want to prevent KeyRaider and similar malware is to never jailbreak your iPhone or iPad if you can avoid it.
CNN Money explains that jailbreaking a smartphone can also allow tech-savvy owners to simply customize their devices more than they would otherwise be able to, but the problem is that the process bypasses barriers that the manufacturer (in this case, Apple) has set up to prevent hacking attacks.
Nicko Van Someren, chief technology officer of the mobile security company Good Technology, tells CNN:
“Users … need to consider carefully if the additional functionality is worth the additional risk.”
Have you or has anyone you know been affected by smartphone malware like KeyRaider? Let us know below or on our Facebook page.