Jailbreaking pirates popped in world's largest iCloud raid


steven36
Cheaters, tweakers, hackers and crackers torn up by nasty Cydia bundle.

The largest Apple credential raid in history has seen nearly a quarter of a million accounts compromised by malware targeting app pirates.

The hack spree, affecting at least 225,000 valid Apple accounts, is targeting jailbroken iThings on which users have broken Cupertino's strict device security controls.

Jailbreaking is popular but actively smothered by Apple, which releases updates to squash the exploits it relies on. The modification is performed in order to tap into additional tweaks through the alternative Cydia store, and by some wanting to pirate apps.

Palo Alto Networks researcher Claud Xiao says the KeyRaider malware is ripping credentials and GUIDs and ferrying them off to remote servers by eavesdropping on the user's iTunes data.

"We believe this to be the largest known Apple account theft caused by malware," Xiao says.

"The malware hooks system processes through MobileSubstrate, and steals Apple account usernames, passwords and device GUID by intercepting iTunes traffic on the device.

"The purpose of this attack was to make it possible for users of two iOS jailbreak tweaks to download applications from the official App Store and make in-app purchases without actually paying."

Xiao says KeyRaider steals Apple push notification service certificates and private keys, shares App Store purchasing information, and disables local and remote unlocking functionalities on iPhones and iPads.

Affected users are located mainly in China but hail from 17 other countries including Britain, France, the US, and Australia.

Some victims say they are being locked out of phones and forced to pay ransoms.

The malware is bundled into jailbreak tweaks and is being served on the Weiphone jailbreak forum by a suspected VXer known as mischa07, who specialises in cheats and tweaks.

The attack was discovered by a Yangzhou University student known as i_82, who worked with Xiao and a group of other researchers. Together they exploited an SQL injection vulnerability on the bad guy's server to learn about the attack.

They siphoned about half of the stolen accounts before the VXer became savvy and punted the white hats. The researchers have now set up a website for users to check whether they are affected.

Source