Key Raider Malware Targets Apple iOS Devices: What is it? Who is is affected? Should I worry?

KeyRaider Malware Targets Apple Devices

KeyRaider Malware Apple iPhone iOS Security

This week Palo Alto Networks announced their identification of the KeyRaider malware attack, “the largest known Apple account theft caused by malware,”  which to date has compromised the IT security of over 225,000 Apple accounts.

How Does KeyRaider Work?

KeyRaider targets “jailbroken” iDevices, which strips Apple devices of their built-in security measures. 

Why would someone “jailbreak” their device? There are a variety of reasons users may choose to “jailbreak” their devices ranging from using banned apps to customizing control centers, but typically the reasons all boil down to wanting to use prohibited downloads or running programs which are not allowed by Apple.

By focusing in on exploiting jailbroken iPhones, KeyRaider is able to: Scrape sensitive account information and steal iTunes usernames, passwords, and sensitive payment information.

Furthermore, KeyRaider is believed to steal Apple push notification service certificates and also to disable native and remote unlocking functionalities on iPhones and iPads.

According to Stephen Coty, the chief security evangelist for Alert Logic, this means that KeyRaider can “lock your phone very similarly to ransomware that has been plaguing many individuals across the world.” 

Two iOS Jailbreak Tweaks Leading to Disaster

KeyRaider Malware Cydia iOS device jailbreak

Throughout their research, WeipTech and Palo Alto Networks identified two iOS jailbreak tweaks which are believed to have stemmed from the popular jailbreaking tool, Cydia.

The tweaks were then downloaded over 20,000 times and have compromised the sensitive information of users across 18 countries in the attack on more than 225,000 accounts. 

Should I be worried? What does KeyRaider mean for my organization’s IT security?

Once More: If you do not have any jailbroken iOS devices in use, your organization is safe from KeyRaider. 

If you are worried about having any sensitive information from your business being compromised by KeyRaider, the first thing you need to do is check that your organizations’ users do not have any jailbroken Apple iPhones or iOS devices in use.

Establish Policies: Prohibit Any and All Jailbroken Device Use Within Your Organization

Throughout this process, make sure to remember that KeyRaider’s success or failure relies on user victims having “hacked” their own iPhones first. 

By jailbreaking iOS devices, users directly open the door to threats such as KeyRaider to compromise accounts.


It’s Safe to Say: Don’t Stay Silent

At the same time, your employees and office users must know that they are safe to report that they have a jailbroken device in use.

Otherwise, without the promise of “safety” you could suffer the consequences of a KeyRaider attack due to users staying silent, devices going unreported, and accounts being exploited.

How can I check if there is a jailbroken iPhone or iOS device in use at my organization?

Unsure if you have any jailbroken devices in place? It may be time to conduct an IT asset inventory.

If you work with an IT services provider, chances are, they already have a detailed inventory technologies and devices with access to and being supported for your business.

IT Security Is Not A One-Off Engagement

Remember, the success of your information security, IT support and ongoing technology improvement programs all require buy-in from your users.

If your people have have never seen your company’s IT policy, employees have no idea of what security best practices are or your organization still needs to be setup to facilitate ongoing updates and regular system maintenance, it may be time so seek out professional IT support services.

Feel like you need to double-check?

Reach out to your San Francisco Bay Area IT services provider to have our local helpdesk team perform a free network assessment of your business IT environment.

Instead of allowing your technology to suffer, keep your users safe from the latest malware and ransomware attacks by having full team of IT specialists ready to answer your questions and solve your problems today!


Comments are closed.


San Francisco Office
315 Montgomery St., 9th Fl
San Francisco, CA 94104

P 415-759-8500

Concord Office
1800 Sutter St., Ste 680
Concord, CA 94520

P 925-459-8500