1. Home
  2. Software
  3. KeyRaider

KeyRaider

KeyRaider is malware that steals Apple account credentials and other data from jailbroken iOS devices. It also has ransomware functionality. [1]

ID: S0288
Type: MALWARE
Version: 1.0
Created: 25 October 2017
Last Modified: 25 April 2025
Version Permalink
Mobile Layer
download view

Techniques Used

Domain ID Name Use
Mobile T1638 Adversary-in-the-Middle

Most KeyRaider samples hook SSLRead and SSLWrite functions in the itunesstored process to intercept device communication with the Apple App Store.[2]
Mobile T1426 System Information Discovery

Most KeyRaider samples search to find the Apple account's username, password and device's GUID in data being transferred.[1]

References

  1. Claud Xiao. (2015, August 30). KeyRaider: iOS Malware Steals Over 225,000 Apple Accounts to Create Free App Utopia. Retrieved December 12, 2016.
  1. Yair Amit. (2013, March 12). Malicious Profiles - The Sleeping Giant of iOS Security. Retrieved November 17, 2024.