KeyRaider

KeyRaider is malware that steals Apple account credentials and other data from jailbroken iOS devices. It also has ransomware functionality. [1]

ID: S0288
Type: MALWARE
Platforms: iOS
Version: 1.1

Techniques Used

| Domain | ID | Name | Use |
| --- | --- | --- | --- |
| Mobile | T1446 | Lock User Out of Device | KeyRaider has built-in functionality to lock victims out of their devices and hold them for ransom. [1] |
| Mobile | T1410 | Network Traffic Capture or Redirection | Most KeyRaider samples hook the SSLRead and SSLWrite functions in the itunesstored process to intercept the device's communication with the Apple App Store. [1] |
| Mobile | T1426 | System Information Discovery | Most KeyRaider samples search the intercepted traffic for the Apple account's username and password and the device's GUID. [1] |

References