PALO ALTO (KRON/CNN) — Hackers have stolen more than 225,000 Apple accounts from iPhone customers in what cyber security experts are calling “the largest known Apple account theft caused by malware.”
Palo Alto Networks (PANW) discovered the hack along with Chinese tech group WeipTech. They say the good news for most iPhone customers is that the malware, nicknamed KeyRaider, only targets users with “jailbroken” iPhones.
“Jailbreaking” is a practice that allows iPhone owners to access parts of a phone’s file systems that are otherwise restricted for security reasons, and it allows users to install apps that aren’t approved by Apple’s app store. The practice is done mostly outside the U.S., and experts say that the hacking victims seem to be largely Chinese iPhone users.
Once an iPhone is infected with the KeyRaider malware, hackers can access the owner’s iTunes App Store information, including the account username, password and the iPhone’s unique ID.
The malware also steals information about App Store purchases and can hijack a victim’s iTunes payment information, while also preventing people from recovering their phones once they’ve been hacked.
The hackers aren’t keeping all that information for themselves. They have allowed other people to take advantage of the stolen account information.
Experts say the hackers have uploaded software that lets other people purchase iTunes apps for “free,” using the victims’ accounts. About 20,000 people have downloaded the software that lets them steal from the 225,000 affected iPhone owners.
Palo Alto Networks said victims have reported that their Apple account purchase history has displayed apps they never bought. Others say their phones have been locked, and the hackers are demanding a ransom to return access to the owners.
“Jailbreaking” cell phones can be a useful way for technologically savvy iPhone owners to customize their devices to their liking and install apps that don’t appear on the iTunes App Store. But experts say it also bypasses some important barriers Apple puts in place to prevent these kinds of attacks from happening.
“Users … need to consider carefully if the additional functionality is worth the additional risk,” said Nicko Van Someren, chief technology officer of mobile security company Good Technology.