A newly discovered piece of iPhone malware originating in China has stolen 225,000 iOS users’ Apple account credentials, according to researchers.
“We believe this to be the largest known Apple account theft caused by malware,” researchers wrote.
The malware, called KeyRaider, intercepts iTunes traffic on the device in order to steal account usernames and passwords, according to security firm Palo Alto Networks and a group of Chinese iPhone developers named WeipTech, who discovered the theft.
“KeyRaider has successfully stolen over 225,000 valid Apple accounts and thousands of certificates, private keys, and purchasing receipts,” the researchers wrote. “The malware uploads stolen data to its command and control server, which itself contains vulnerabilities that expose user information.”
Apple’s iPhone is known for being very secure, having had virtually no mass malware infections in its eight years on the market.
But most domestic iPhone users can breathe easy: KeyRaider only affects phones that have been “unlocked” or “jailbroken” so users can install apps not approved by the iTunes app store.
Researchers say that the malware is being spread by third-party distributors in China who specialize in apps for jailbroken devices.
The theft has hit users in 18 countries, including the United States.