
KeyRaider

KeyRaider is malware that steals Apple account credentials and other data from jailbroken iOS devices. It also has ransomware functionality. [1]

ID: S0288
Aliases: KeyRaider
Type: MALWARE
Platforms: iOS

Version: 1.1

Alias Descriptions

Name       Description
KeyRaider  [1]

Techniques Used

Domain  ID     Name
Mobile  T1446  Lock User Out of Device
        Use: KeyRaider has built-in functionality to lock victims out of their devices and hold them for ransom. [1]

Mobile  T1410  Network Traffic Capture or Redirection
        Use: Most KeyRaider samples hook the SSLRead and SSLWrite functions in the itunesstored process to intercept the device's communication with the Apple App Store. [1]

Mobile  T1426  System Information Discovery
        Use: Most KeyRaider samples search the intercepted data for the Apple account's username and password and the device's GUID. [1]
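The T1410 entry above describes the mechanism: a library injected into itunesstored that hooks SSLRead and SSLWrite. On a jailbroken device that mechanism leaves a checkable artefact, a dylib that references those symbol names together with a filter telling the injector which process to load it into. The script below is an added triage example, not code from this page, from MITRE, or from KeyRaider itself. It assumes a hypothetical on-disk layout modelled on how Substrate-style tweaks ship (a `.dylib` next to a `.plist` whose `Filter -> Bundles` lists target bundle identifiers) and assumes `com.apple.itunesstored` as the bundle identifier of the itunesstored process; neither detail comes from the page. The sample "tweaks" it scans are constructed in a temporary directory and contain no real malware.

```python
"""Triage heuristic for the KeyRaider technique on a jailbroken device: a
tweak that hooks SSLRead/SSLWrite inside the itunesstored process.

Added example, not code from the ATT&CK page or from KeyRaider itself.
Assumed (hypothetical) layout, modelled on how Substrate-style tweaks ship:
  <dir>/<tweak>.dylib  the injected library
  <dir>/<tweak>.plist  its filter plist, Filter -> Bundles -> [bundle ids]
"""
import os
import plistlib
import re
import tempfile

HOOK_TARGETS = ("SSLRead", "SSLWrite")
# Assumed bundle identifier for the App Store daemon; the page only names
# the process as "itunesstored".
ITUNESSTORED_BUNDLE = "com.apple.itunesstored"


def referenced_hook_targets(data: bytes) -> set:
    """Return which of HOOK_TARGETS appear as standalone C strings in the
    binary (a hook has to look the target up by name, so the name is present)."""
    found = set()
    for sym in HOOK_TARGETS:
        # Mach-O symbol names carry a leading underscore; accept the bare name too.
        # The lookbehind and trailing NUL reject substrings like "MySSLReaderHelper".
        pattern = rb"(?<![A-Za-z0-9_])_?" + sym.encode() + rb"\x00"
        if re.search(pattern, data):
            found.add(sym)
    return found


def filter_bundles(plist_path: str) -> set:
    """Bundle identifiers the tweak is injected into, from its filter plist."""
    with open(plist_path, "rb") as fh:
        plist = plistlib.load(fh)
    return set(plist.get("Filter", {}).get("Bundles", []))


def scan_tweaks(directory: str) -> list:
    """Report dylibs that reference SSLRead/SSLWrite. Those filtered into
    itunesstored are rated high; hooking the SSL functions in some other
    process is rated low, since legitimate tweaks do that as well."""
    findings = []
    for name in sorted(os.listdir(directory)):
        if not name.endswith(".dylib"):
            continue
        dylib = os.path.join(directory, name)
        with open(dylib, "rb") as fh:
            hooks = referenced_hook_targets(fh.read())
        if not hooks:
            continue
        plist = dylib[: -len(".dylib")] + ".plist"
        bundles = filter_bundles(plist) if os.path.exists(plist) else set()
        severity = "high" if ITUNESSTORED_BUNDLE in bundles else "low"
        findings.append({"dylib": name, "hooks": sorted(hooks),
                         "bundles": sorted(bundles), "severity": severity})
    return findings


def build_sample_dir() -> str:
    """Constructed sample data (not real binaries): three fake tweaks."""
    d = tempfile.mkdtemp(prefix="tweaks_")

    def write(name, dylib_bytes, bundles):
        with open(os.path.join(d, name + ".dylib"), "wb") as fh:
            fh.write(dylib_bytes)
        with open(os.path.join(d, name + ".plist"), "wb") as fh:
            plistlib.dump({"Filter": {"Bundles": bundles}}, fh)

    # KeyRaider-like: references both SSL functions and targets the store daemon.
    write("storehook",
          b"\xcf\xfa\xed\xfe\x00_SSLRead\x00_SSLWrite\x00_MSHookFunction\x00",
          [ITUNESSTORED_BUNDLE])
    # Hooks SSLRead in a different process: worth a look, not this technique.
    write("sbtweak", b"\xcf\xfa\xed\xfe\x00_SSLRead\x00", ["com.apple.springboard"])
    # Benign: "SSLRead" only occurs inside a longer identifier.
    write("uitweak", b"\xcf\xfa\xed\xfe\x00MySSLReaderHelper\x00_UIView\x00",
          ["com.apple.springboard"])
    return d


if __name__ == "__main__":
    for finding in scan_tweaks(build_sample_dir()):
        print(finding)
```

The string match is deliberately a triage heuristic rather than a Mach-O symbol-table parse: it runs anywhere with a copy of the filesystem and is good enough to rank candidates, after which the high-severity hits are the ones to pull apart with a real disassembler.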

References