Some iPhone jailbreakers are in for a nasty surprise


Photo: Jim Merithew/Cult of Mac

More than a quarter-million Apple users from 18 different countries had accounts stolen after they made themselves vulnerable by jailbreaking their devices, researchers announced today.

The theft is the largest known theft of Apple accounts caused by malware, according to Palo Alto Networks, and serves as a further caution to Apple users to avoid installing programs not meant for iPhones and iPads.

An iPhone with a ransom message.
Photo: Palo Alto Networks

The term jailbreak refers to attempts to remove manufacturer restrictions on devices so that users can download apps not approved by the providers. Eliminating these restrictions on Apple devices compromises security, paving the way for viruses or hacks from malicious software, known as malware.

In the case of the stolen accounts reported by Palo Alto Networks and WeipTech, the credentials were stolen through malware that originated from the popular jailbreak tool, Cydia. The thefts were discovered when researchers reverse-engineered the hack and attacked the control server where the data was stored, according to a report on the website The Next Web.

According to researchers, the malware, KeyRaider, uploaded data to that control server that included logins, purchasing receipts and device IDs.

Palo Alto Networks said the stolen information can be used to purchase apps from Apple, hold iOS devices hostage for ransom or sell account usernames to spammers.

“Our primary suggestion for those who want to prevent KeyRaider and similar malware is to never jailbreak your iPhone or iPad,” said Claud Xiao, who authored the report for Palo Alto Networks.

Source: The Next Web