Dive Brief:
-
Palo Alto Networks and Chinese tech group WeipTech discovered hackers had stolen more than 225,000 Apple accounts from iPhone users.
-
The hackers uploaded KeyRaider, software that lets other people purchase iTunes apps using the victims' accounts — on jailbroken phones.
-
About 20,000 people have downloaded the software that lets them steal from affected iPhone owners.
Dive Insight:
The malware has shown up in 18 countries, including the U.S., but the malware only targets "jailbroken" iPhones and is mostly found in Chinese websites and apps that provide software for jailbroken iPhones.
The additional functionality has to be balanced against the additional risk, said Nicko Van Someren, chief technology officer of mobile security company Good Technology.
Palo Alto Networks said victims have reported that their Apple account purchase history has displayed apps they never bought, while others claim their phones have been locked, with the hackers demanding a ransom.