KeyRaider Malware

Today we learned about hackers using your jailbreak to access Apple Ids and passwords and making illegal purchases on accounts. While it hasn’t been reported here in the US, Apple has found that more than 225k accounts were compromised as of today. sugests the following:

Palo Alto Networks has provided the following instructions for finding and removing the infection on a jailbroken phone:
“1. Install openssh server through Cydia 2. Connect to the device through SSH 3. Go to /Library/MobileSubstrate/DynamicLibraries/, and grep for these strings to all files under this directory:





“If any dylib file contains any one of these strings, we urge users to delete it and delete the plist file with the same filename, then reboot the device. “We also suggest all affected users change their Apple account password after removing the malware, and enable two-factor verifications for Apple IDs.”

While it’s not 100% accurate that your jailbroken device might’ve been infected, it’s better to be safe than sorry.


dtathemes is Stephen Fry proof thanks to caching by WP Super Cache