six colors

by Jason Snell & Dan Moren

This week's sponsor

Become a Six Colors subscriber: Get an exclusive monthly newsletter and weekly subscriber-only podcast and support the site.

Linked by Dan Moren

Malware steals over 225,000 Apple accounts

You’re going to probably be seeing this story about the KeyRaider malware a lot in the next couple days, so this is your reminder to not panic unduly:

Recently, WeipTech was analyzing suspicious Apple iOS tweaks reported by users and found over 225,000 valid Apple accounts with passwords stored on a server.

In cooperation with WeipTech, we have identified 92 samples of a new iOS malware family in the wild. We have analyzed the samples to determine the author’s ultimate goal and have named this malware “KeyRaider”. We believe this to be the largest known Apple account theft caused by malware.

Sounds bad, and sure, it ain’t great, but keep a couple of factors in mind here:

  1. 225,000 is a lot of accounts, but as of last April, Apple had 800 million iTunes accounts and sold more than a billion iOS devices, so they’ve probably got at least a billion Apple IDs floating around. Of which 225,000 represents 0.0225 percent. So, in terms of scale, this is hardly a widespread hack. The analysis also suggests that most of the accounts are from users in China.

  2. The thing that isn’t mentioned in most of the headlines1 is that this malware, as pretty much all iOS malware before it, specifically targets jailbroken devices. Which is to say devices where users have purposefully compromised the platform’s integrity in order to tweak features to their liking or, not uncommonly, to run pirated apps. I’m not going to tell you to not jailbreak your devices, because, hey, that’s up to you. But if you do, don’t be too surprised when you get bitten by an exploit. Your car may have a great security system, but if you leave it in a bad neighborhood with the windows down and the keys in the ignition, well, there you go.


  1. To be fair, it does get mentioned in the body of most of the stories I’ve seen, but a lot of people don’t read that far/closely.  ↩