A new family of malware being called KeyRaider has been used to compromise 225,000 Apple accounts, including private keys and purchase histories, along with other personal data and device control. Though it is a huge breach—“We believe this to be the largest known Apple account theft caused by malware,” researchers wrote—the malware is only effective on jailbroken iDevices. So if you haven’t monkeyed with your iOS, you’re probably safe.
Palo Alto Networks published research about the malware on Sunday in collaboration with WeipTech. The malware seems to be coming from third-party distributors in China who specialize in software for jailbroken devices. Researchers estimate that about 20,000 people are taking advantage of the 225,000 compromised Apple accounts, and that there are affected users in 18 countries.
Researcher Claud Xiao wrote:
The purpose of this attack was to make it possible for users of two iOS jailbreak tweaks to download applications from the official App Store and make in-app purchases without actually paying. Jailbreak tweaks are software packages that allow users to perform actions that aren’t typically possible on iOS. ... Some victims have reported that their stolen Apple accounts show abnormal app purchasing history and others state that their phones have been held for ransom.
Jailbreaking your iDevice comes with risks, because the software tweaks aren’t evaluated and protected by Apple. That doesn’t mean, though, that leaving your iPhone (or Apple Watch or whatever) intact is a guarantee that it will never have vulnerabilities. Stay educated about what you download, and keep installing software updates.