Over 225K Jailbroken iPhones Compromised by Chinese Malware

By Devin Coldewey

Nearly a quarter of a million iPhones have fallen victim to a piece of Chinese malware distributed through a third-party app store for jailbroken devices. "KeyRaider," as security researchers at Palo Alto Networks have dubbed it, was installed as part of tools downloaded by a large community of Chinese Apple fans called Weiphone.

Jailbroken iPhones are more common in China as a way to access apps and services not available via official means, and large websites and forums have arisen promoting and distributing software. But with few controls in place to watch for malware, the risk of being hacked is very real.

In this case, some 225,000 users had their phones infected by a bit of code piggybacking on more ordinary software downloaded via the popular Cydia app repository. This code intercepted transmissions to and from the official Apple App Store, sending the credentials and login information to a website, where it was stored. Another app, used by at least 20,000 people, used those credentials to buy apps and in-app items.

It was only when the website storing the harvested information was itself hacked (after users reported strange charges and traffic) that the extent of this malware attack was made clear. Most of the affected users are in China, but some were in the U.S. and Europe, or at least had I.P. addresses there.

Are you in danger? Unless you've jailbroken your phone and are in the habit of downloading apps from Chinese software communities, you're probably okay.
