The popular iDevice jailbreaking tool and app market Cydia was the source of a new malware dubbed “KeyRaider”. As a result, upwards of 225,000 jailbroken devices have been affected. According to Palo Alto Networks, this is the largest theft of Apple credentials to date.
“In cooperation with WeipTech, we have identified 92 samples of a new iOS malware family in the wild. We have analyzed the samples to determine the author’s ultimate goal and have named this malware “KeyRaider”. We believe this to be the largest known Apple account theft caused by malware.” – Palo Alto Networks
The data compromised included user accounts, purchase history, private keys and certificates. The apparent intent of the original code was to bypass in-app purchases and let the user access paid content for free, but the server where this information was stored was unsecured and allowed access to the data via SQL injection. For more information, and for how to protect yourself if you’re an Apple user, head over to Palo Alto Networks’ site.
Carl is an Android enthusiast who got his start with an HTC Hero. Quickly tiring of not being able to change certain things about the device, he sought out the means to do what he wanted: enter XDA Developers. After spending immense amounts of time on the forums learning, building and sharing, Carl decided to pursue higher education to increase his understanding and focus on a direction in the mobile world. Primarily focusing on security and privacy, Carl intends to gain his CEH and reverse engineer malware.