Apple device security is particularly robust, yet the company’s operating systems are far from impregnable as a recent Apple malware attack has shown. Apple device users have recently been targeted by hackers believed to be operating out of China. The Apple malware attack has so far resulted in the credentials of approximately 225,000 iPhone users being obtained by the hackers.
KeyRaider Responsible for Apple Malware Attack
The malware in question has been named KeyRaider. Fortunately, only device owners who have jailbroken their iPhones are at risk of infection. Jailbreaking an iPhone will allow banned apps to be installed on the devices, but the process also introduces a vulnerability that can be exploited by hackers. KeyRaider attacks devices that have been jailbroken using Cydia: The most popular jailbreaking tool for Apple devices.
Device GUID as well as Apple account user names and passwords have successfully been stolen by KeyRaider. The malware can steal user credentials, Apple purchasing information, private keys, and Apple push notification certificates.
Once infected, user credentials are uploaded to a command and control server, and those data are made accessible to other individuals. The information can be used to purchase apps for Apple devices without the user being charged, instead the charges for the purchases are applied to infected users’ accounts.
To date it has been estimated that as many as 20,000 individuals have downloaded software that allows them to obtain Apple apps for free at the expense of other Apple device users. In some cases, users’ devices have been locked and attackers have demanded ransoms to be paid to unlock the infected iPhones and iPads.
The Apple malware attack was discovered by Palo Alto Networks and China’s WeipTech, although services have now been developed that are capable of detecting devices that have been infected with the malware.
iOS App Store applications being infected with malware
Palo Alto Networks has also recently issued a warning over IOS App Store applications that have been infected with malware. To date, 39 different apps have been discovered to have been infected, placing users of non-jailbroken Apple devices at risk of compromising their iPhones and iPads. Hackers were able to copy and alter Xcode development tools used by iOS app developers, and have been able to infect genuine applications by injecting malicious code.
It is not just relatively obscure apps that have been infected. WeChat is used by hundreds of millions of Apple device owners, and the app was one of those infected with malicious code. That said, the developers of the app, Tencent, have investigated the issue have reported that the malware has not been able to steal user credentials.
The malware infections are understood to be used to steal iCloud login credentials and Chinese security researchers have discovered close to 350 different mobile apps that have been injected with malicious code. Those apps include some of the most popular Apple apps being downloaded in China, such as Didi Kuaidi.
Some of the Chinese App Store apps discovered to have been compromised
The recent Apple malware attacks have come as a surprise to many security researchers and users who considered Apple devices to be perfectly safe. While Apple is without any shadow of a doubt the safest mobile platform, owners of the devices should not consider iOS to be 100% safe.