It has emerged that hackers have used a virus to steal Apple account details from 225,000 iPhones in what is thought to be the biggest theft of its kind.
The Apple hack has hit 225,000 users from 18 countries including China, France, Russia, Japan, United Kingdom, United States, Canada, Germany, Australia, Israel, Italy, Spain, Singapore, and South Korea.
The attack used malware called KeyRaider, which steals account details from infected iPhones, according to researchers at Palo Alto Networks.
Some victims have already seen fraudulent charges on their accounts – where the criminals use account details to download premium apps for other devices.
At least one user has seen their device locked and been presented with a ransom demand.
Palo Alto Networks says that the malware only affects jailbroken devices, and appears to be spread by apps on third-party app stores such as Cydia.
“This may be a hack against the iPhone, but it really is not a hit on Apple’s reputation since it only affects jailbroken iPhones,” says Stephen Coty, chief security evangelist, Alert Logic.
“This means if you have unlocked from the Apple-only network, and can then buy downloads from other sources other than Apple’s official app store, and use previously locked functions of the phone such as command line interfaces and Wi-Fi scanning capabilities. If you have jailbroken your iPhone, you are turning the phone into a potential portable hacking device that fits in your hand.
“What seems to be cool about the KeyRaider malware is that it not only scrapes your account data, but it also can lock your phone very similarly to ransomware that has been plaguing many individuals across the world.”
If you are worried, the researchers offer a step-by-step guide to seeing if your device has been infected.
The researchers say, ‘It can locally disable any kind of unlocking operations, whether the correct passcode or password has been entered.
‘Also, it can send a notification message demanding a ransom directly using the stolen certificate and private key, without going through Apple’s push server. Because of this functionality, some of previously used ‘rescue’ methods are no longer effective.’