More than 200,000 jailbroken iOS devices found infected by malware, the largest number to date, and account information has leaked



Security company Palo Alto Networks announced that more than 225,000 iOS devices worldwide, including in Japan, are infected with the malware "KeyRaider". KeyRaider is said to infect only jailbroken iPhones and iPads, but it is pointed out that once a device is infected it can be locked from the outside, its app purchase history can be stolen, and apps can be purchased without the user's permission.

KeyRaider: iOS Malware Steals Over 225,000 Apple Accounts to Create Free App Utopia - Palo Alto Networks Blog
http://researchcenter.paloaltonetworks.com/2015/08/keyraider-ios-malware-steals-over-225000-apple-accounts-to-create-free-app-utopia/

WeipTech, which received reports of iOS vulnerabilities from users, found through an independent investigation that password information for 225,000 accounts had been stolen from Apple server. Note that all of the iOS devices whose passwords were stolen were jailbroken.


Palo Alto Networks collaborated with WeipTech to analyze the devices whose passwords leaked this time, and succeeded in extracting 92 types of malware samples. The malware, which leaked the largest amount of account information to date at more than 200,000 accounts, was named "KeyRaider".

The investigation found that KeyRaider infects devices via Cydia, a store that distributes applications that have not passed App Store certification. Infections are spreading all over the world, and at present it appears to affect the devices of users in 18 countries: China, Taiwan, France, Russia, Japan, UK, USA, Canada, Germany, Netherlands, Australia, Israel, Italy, Spain, Singapore, Korea, Czech Republic, Vietnam, Poland, Singapore.

According to Palo Alto Networks, the damage that a KeyRaider infection can cause is as follows: it can intercept iTunes traffic and steal the GUID, which is the unique information of an Apple account, along with the Apple account password; the certificate and private key for the push notification service are stolen; app purchase history information on the App Store is shared externally; and the device's remote lock function is disabled and the device is locked from the outside.

A user named "mischa 07" is suspected of being the original author of KeyRaider.


An application with malware downloaded over 30,000 times has also been found.


Because the device is jailbroken, applications that are not authorized by Apple and contain malware can be installed.


Two servers, "top100.gotoip4.com" and "www.wushidou.cn", have been identified as the destinations for the user data that KeyRaider sends out, and the IP addresses of these servers are "113.10.174.167".
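The two server names and the IP address above can be used as network indicators. The following is an added example, not code from Palo Alto Networks or the original article: it checks DNS and connection log lines against those indicators. The log format, the sample lines, and the choice to treat subdomains of the listed hosts as matches are assumptions made for illustration.

```python
import ipaddress

# Indicators taken from the article text above.
KEYRAIDER_DOMAINS = {"top100.gotoip4.com", "www.wushidou.cn"}
KEYRAIDER_IPS = {ipaddress.ip_address("113.10.174.167")}

# Constructed sample log (assumed format: "<time> <client> <kind> <value>").
SAMPLE_LOG = """\
2015-08-30T10:01:02Z 10.0.0.21 dns TOP100.gotoip4.com.
2015-08-30T10:01:05Z 10.0.0.22 dns nottop100.gotoip4.com
2015-08-30T10:02:11Z 10.0.0.21 conn 113.10.174.167:80
2015-08-30T10:03:40Z 10.0.0.23 dns api.www.wushidou.cn
2015-08-30T10:04:00Z 10.0.0.24 conn 113.10.174.16:443
2015-08-30T10:05:00Z 10.0.0.24 dns www.apple.com
"""

def normalize_host(name):
    """Lower-case and drop the trailing root dot so FQDN forms compare equal."""
    return name.strip().lower().rstrip(".")

def matches_domain(name):
    """True for an indicator domain or a subdomain of it, on label boundaries."""
    host = normalize_host(name)
    return any(host == d or host.endswith("." + d) for d in KEYRAIDER_DOMAINS)

def matches_ip(endpoint):
    """True when a bare IPv4 address or "ip:port" endpoint equals an indicator."""
    host = endpoint.rsplit(":", 1)[0] if endpoint.count(":") == 1 else endpoint
    try:
        return ipaddress.ip_address(host) in KEYRAIDER_IPS
    except ValueError:
        return False  # not an IP address at all

def find_hits(log_text):
    """Return (client, kind, value) for every log line that touches an indicator."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines rather than guessing
        _, client, kind, value = parts
        if (kind == "dns" and matches_domain(value)) or (kind == "conn" and matches_ip(value)):
            hits.append((client, kind, value))
    return hits

if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```

Matching on label boundaries keeps the lookalike name `nottop100.gotoip4.com` and the near-miss address `113.10.174.16` from being reported.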


Some users are receiving threats saying "Please call me if you want to unlock".

in Mobile, Software, Posted by darkhorse_log