PALO ALTO — In what is being called the biggest Apple account malware attack ever, hackers have broken into more than 225,000 Apple accounts on jailbroken iOS devices. They’ve stolen usernames and passwords, made purchases, even held phones for ransom.

The malware is dubbed ‘Key Raider.’ The cybersecurity experts at Palo Alto Networks and WeipTech discovered it when users reported suspicious iOS tweaks on their Apple devices. KeyRaider steals usernames, passwords and device GUID (globally unique identifier) by “intercepting iTunes traffic.”

READ MORE: California Drought: Healdsburg Bans Sprinklers; Sets Personal Water Use To 74 Gallons A Day

“KeyRaider steals Apple push notification service certificates and private keys, steals and shares App Store purchasing information, and disables local and remote unlocking functionalities on iPhones and iPads,” Palo Alto Networks wrote in a blog post.

(Thinkstock)

(Thinkstock)

The hack only affects jailbroken Apple devices whose iOS hardware restrictions have been removed. Apple strongly discourages such “unauthorized modifications,” but will help owners of affected phones restore jailbroken phones and reset their iCloud accounts with new passwords.

The threat may have impacted users in 18 countries including the United States, Canada, China, France, Russia, Japan, United Kingdom, Germany, Australia, Israel, Italy, Spain, Singapore, and South Korea.

Victims report seeing abnormal app purchases on their Apple accounts. Some have even had their phones held for ransom.

READ MORE: 3-Alarm Fire Burns 2 Buildings at West Oakland Recycling Center

From hacked phones, attackers can launch more attacks.

“They can control the device through iCloud and compromise the victim’s private data contained in their iMessage logs, contacts, photos, emails, documents and location.”

Palo Alto Networks has posted instructions explaining how to detect the malware. They advise affected users to “change their Apple account password after removing the malware, and enable two-factor verifications for Apple IDs.”


CBSSF.com writer, producer Jan Mabry is also executive producer and host of The Bronze Report. She lives in Northern California. Follow her on Twitter @janmabr.

MORE NEWS: Update: One Killed, Two Injured When Truck Crashes Into Diners at San Jose Sports Bar