Hackers attack Apple accounts

Published 12:00 am Thursday, September 3, 2015

Hackers have attacked jailbroken iOS devices and obtained access to more than 225,000 Apple accounts, according to a Silicon Valley network security company.

Palo Alto Networks said in a blog post this week that the malware, named KeyRaider, may have affected users from 18 countries including the U.S., China, France, Japan, Canada and Australia.

“We believe this to be the largest known Apple account theft caused by malware,” the firm said. “KeyRaider steals Apple push notification service certificates and private keys, steals and shares App Store purchasing information, and disables local and remote unlocking functionalities on iPhones and iPads.”

The attack makes it possible to download jailbreak tweaks to make unauthorized in-app purchases without paying for them.

It noted that some Apple users have reported that their accounts show abnormal app purchase history.

An Apple spokesman noted that the issue only affects users who have jailbroken devices and have downloaded malware from untrustworthy sources.

“We have taken steps to protect those affected by the issue by automatically helping the owners reset their iCloud account with a new password,” the Cupertino, California, company said.

Apple strongly recommend against jailbreaking devices, which eliminates security layers designed to protect personal information.