Users of third-party iOS software are being warned to check for suspicious account activity after the discovery of a new malware variant dubbed KeyRaider that has compromised data from over 225,000 Apple accounts.
The malware has also stolen thousands of official Apple user certificates, private keys and purchasing receipts, and is able to take control of a device through iCloud and steal any connected user data such as iMessage logs, contacts, photos, emails and documents.
The KeyRaider malware was uncovered by researchers at Palo Alto Networks and Chinese technical group WeipTech. It targets jailbroken iOS devices and is distributed through third-party software marketplaces such as Cydia.
Many Apple users jailbreak their devices to run unofficial software, widgets and applications, but this can often create vulnerabilities that are exploitable by hackers.
A large number of affected users are reportedly from China, but the researchers indicated that this is a global operation spanning 18 countries including the UK, US, France, Russia, Japan and Germany.
"The purpose of this attack was to make it possible for users of two iOS jailbreak tweaks to download applications from the official App Store and make in-app purchases without actually paying," said the research paper.
"KeyRaider steals Apple push notification service certificates and private keys, steals and shares App Store purchasing information, and disables local and remote unlocking functionalities on iPhones and iPads."
Palo Alto said that KeyRaider malware has been downloaded over 20,000 times and that a number of victims have reported unusual account purchases and even ransomware threats.
"Previous iPhone ransomware attacks are based on remotely controlling the iOS device through the iCloud service," the research paper said.
"Some of these attacks can be avoided by resetting the account password to regain control of iCloud. KeyRaider is different. It can locally disable any kind of unlocking operations, whether the correct passcode or password has been entered."
KeyRaider will not affect the majority of Apple users who use official avenues to purchase applications and software.
However, the researchers warned that anyone who has installed applications or software tweaks from "untrusted Cydia sources" could be affected by the malware and is at increased risk of hacking.
"Our primary suggestion for those who want to prevent KeyRaider and similar malware is to never jailbreak your iPhone or iPad if you can avoid it," the research said.
"At this point, there aren't any Cydia repositories that perform strict security checks on apps or tweaks uploaded to them. Use all Cydia repositories at your own risk."
The news follows the discovery of a number of mobile vulnerabilities. Most recently, security researchers at FireEye uncovered a flaw in iOS that could allow malicious applications to remain open for an unlimited time while remaining hidden from unsuspecting users.
Dubbed Ins0mnia, the security vulnerability circumvents the usual three-minute time-out limitations imposed by Apple and can even affect non-jailbroken devices if left unpatched.
V3 contacted Apple for a comment but had received no reply at the time of publication.