A recently discovered family of malware that infects jailbroken iPhones has gathered the login information for more than 225,000 Apple accounts, and is believed to be one of the largest breaches of Apple accounts ever.
The malware, dubbed KeyRaider by its discoverer, found its way to victims via websites that hosted repositories of Cydia software. Cydia is an app that allows users of jailbroken iOS devices to access software and apps locked phones can’t normally access. The malware then steals Apple account information by intercepting iTunes traffic from the device.
Palo Alto Networks (PAN) and WeipTech, which discovered the malware, estimate that the batch of stolen logins has been downloaded more than 20,000 times.
An analysis of the stolen accounts found that more than half of the email addresses were from a service provided by Tencent, suggesting that most of the affected users were Chinese, although the addresses contained region domains from 17 other countries including the United States, Canada, Israel, South Korea, and Japan.
Victims of the malware have reported irregular purchase histories on their accounts and their phones being held for ransom. One victim found his iPhone locked, with the display instructing him to contact an account on QQ, a popular Chinese chat service, to unlock the phone.
