How to Protect Yourself Against KeyRaider iOS Malware

Earlier this month, hackers used KeyRaider malware to pilfer the personal details of more than 225,000 iPhone users – gaining access to ‘jailbroken’ devices no longer protected by Apple’s stringent security controls.

If you’re not familiar with the term ‘jailbreaking’, it refers to the process of unlocking an iPhone so that users can install third-party apps and other software on the device. Whilst some would argue in favour of the benefits of jailbreaking, the security risks involved far outweigh the ability to integrate other tools and software not supported by iOS – a point demonstrated by the recent increase in iPhone hackings.

Nevertheless, as the number of jailbroken iPhones continues to rise, the need for more stringent security controls against KeyRaider and other malware is becoming increasingly evident.

For those of you who have already jailbroken your iOS device, here’s an in-depth guide on how to protect your personal information and data against KeyRaider iOS malware.

Remove Jailbreak

For some iPhone users, removing the jailbreak functionality may sound counter-productive. However, in doing so you’ll remove the root-level access privileges that hackers used to gain entry to your data – effectively restoring your device to its secure, factory-fitted best.

Removing jailbreak access from your iPhone couldn’t be easier - simply connect the device to your computer, and use the ‘restore’ function to reinstate standard iOS access privileges and remove any trace of potentially dangerous unsigned code.

Find Out if the Device is Infected

If you suspect your device could be infected with KeyRaider malware, or you’re just being overly cautious, there is a simple way to find out if your iPhone is affected.

Start by installing the OpenSSH connectivity tool via the jailbroken iOS software application, Cydia. Once you’ve configured OpenSSH, find the ‘DynamicLibraries’ directory and search for any of the following strings: ‘wushidou’, ‘gotoip4’, ‘bamu’ and ‘getHanzi’. Find any, and your phone is likely infected by KeyRaider malware.

Determine if Your Apple Account has Been Stolen

If a hacker has gained entry to your iOS device, chances are they’ve stolen the ID and password for your Apple account – leaving you vulnerable to financial crime. At this stage, it’s vital you discern whether your account details have been stolen.

To do this, we’d recommend contacting Apple– to query the status of their Apple account. If in doubt, change the password of your account and disallow further auto-fill password functionality on your device.

Remove Infected Files

Once you’ve secured your Apple account, it’s time to deal with the problem head-on by removing any and all malware-infected files, applications and software from your device.

To do this, use the OpenSSH connectivity software to locate any of the offending strings we referenced earlier, as well as the ‘plist’ file with the same filename. Once you’re happy you’ve removed all of the infected files, reboot your iPhone and consider removing its jailbreak functionality as mentioned earlier in the post.

Think Before You Install Third-Party Applications

Once you’ve jailbroken your iPhone, all of Apple’s stringent malware protection will be jettisoned from the device – leaving it vulnerable to a multitude of cyber attacks. Hackers target third-party applications that are only available for jailbroken devices, adding a host of malicious code strings that are readily downloaded and installed by unsuspecting iPhone users.

To protect your device from KeyRaider and other associated iOS malware, avoid suspicious third-party apps and, if possible, don’t jailbreak your device.

For more tech news and advice, check out the rest of the Fast Lane blog. Alternatively, visit the main site to browse our complete range of IT courses, or call our dedicated team on 0845 480 1000.