Malware for iOS that requires a jailbroken handset and access to Chinese third-party software repositories has been identified. Recent research has found 92 samples of a new malware family, dubbed "KeyRaider," which has stolen the login credentials for 225,000 valid Apple accounts along with the associated device GUIDs.
Once installed through a trojanized tweak package, the malware uses MobileSubstrate to hook the SSLRead and SSLWrite functions inside itunesstored, the daemon that handles the device's App Store traffic. Because the hooks sit inside the process on either side of the TLS layer, they see the session contents in plaintext, so the transport encryption offers no protection. The malware then harvests push notification material, App Store purchasing information, certificates and private keys, and uploads the information at regular intervals to its command and control server for collection and re-use.
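A defender on a jailbroken device can look for the pattern described above: a MobileSubstrate tweak whose filter injects it into itunesstored and whose library references the SecureTransport SSLRead/SSLWrite symbols. The scanner below is an added example, not code from the original report or from Palo Alto Networks. It assumes the standard MobileSubstrate layout, in which each tweak under /Library/MobileSubstrate/DynamicLibraries/ is a <name>.dylib paired with a <name>.plist whose Filter dictionary lists the Bundles and Executables it is loaded into. The sample tweak names and file contents are constructed for the demonstration; the symbol check is a plain byte search, not a Mach-O import-table parse, so treat a hit as a lead to confirm with nm or otool, not as proof.

```python
"""Heuristic scan of MobileSubstrate tweaks for ones that target itunesstored
and reference the SecureTransport SSLRead/SSLWrite symbols.

Added example, not code from the KeyRaider report. Assumes the standard
MobileSubstrate layout (<name>.dylib beside <name>.plist with a Filter dict).
Symbol detection is a byte search for the symbol names, not a Mach-O parse.
"""
import os
import plistlib
import tempfile

# Process the hook described in the report injects into.
TARGET_EXECUTABLES = {"itunesstored"}
# SecureTransport I/O functions; a tweak that names them is hooking TLS I/O.
SSL_SYMBOLS = (b"SSLRead", b"SSLWrite")


def filter_targets(plist_path):
    """Return the set of bundle IDs and executables the tweak is loaded into."""
    with open(plist_path, "rb") as f:
        data = plistlib.load(f)
    flt = data.get("Filter", {})
    return set(flt.get("Executables", [])) | set(flt.get("Bundles", []))


def references_ssl_io(dylib_path):
    """Return the SSL symbol names found as raw strings in the library."""
    with open(dylib_path, "rb") as f:
        blob = f.read()
    return [s.decode() for s in SSL_SYMBOLS if s in blob]


def scan_tweaks(dynlib_dir):
    """Flag tweaks that both inject into itunesstored and name SSLRead/SSLWrite."""
    findings = []
    for name in sorted(os.listdir(dynlib_dir)):
        if not name.endswith(".plist"):
            continue
        stem = name[: -len(".plist")]
        dylib = os.path.join(dynlib_dir, stem + ".dylib")
        if not os.path.exists(dylib):
            continue
        targets = filter_targets(os.path.join(dynlib_dir, name))
        if not (targets & TARGET_EXECUTABLES):
            continue
        syms = references_ssl_io(dylib)
        if syms:
            findings.append({"tweak": stem, "targets": sorted(targets), "symbols": syms})
    return findings


def build_sample_dir():
    """Constructed sample data: one benign tweak and one shaped like the hook
    described above. The .dylib contents are fake, not real Mach-O binaries."""
    d = tempfile.mkdtemp()
    samples = {
        # hypothetical ad-removal tweak: injects into Safari, no TLS symbols
        "AdBlocker": ({"Filter": {"Bundles": ["com.apple.mobilesafari"]}},
                      b"\xcf\xfa\xed\xfe adblock"),
        # hypothetical malicious tweak: injects into itunesstored, names SSL I/O
        "StoreHelper": ({"Filter": {"Executables": ["itunesstored"]}},
                        b"\xcf\xfa\xed\xfe _SSLRead\x00_SSLWrite\x00"),
    }
    for stem, (plist, blob) in samples.items():
        with open(os.path.join(d, stem + ".plist"), "wb") as f:
            plistlib.dump(plist, f)
        with open(os.path.join(d, stem + ".dylib"), "wb") as f:
            f.write(blob)
    return d


if __name__ == "__main__":
    for hit in scan_tweaks(build_sample_dir()):
        print(f"suspicious tweak {hit['tweak']}: injects into {hit['targets']}, "
              f"references {hit['symbols']}")
```

On a real device, point scan_tweaks at /Library/MobileSubstrate/DynamicLibraries and review each hit by hand; a legitimate tweak has little reason to be loaded into itunesstored at all, so the filter match alone is worth a second look even without the symbol strings.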
Researchers at Palo Alto Networks believe that the software that lets others make illicit use of the stolen purchase information database has been downloaded 20,000 times. Victims report unauthorized app purchases, and some have had their phones remotely locked by the attackers, who modify the device's lockdown and activation routines.
Weiphone user Mischa07 has been identified as the likely author. Most of the tweaks the user has published are game cheats and ad-removal tools. The user is also the originator of "iappstore" and "iappinbuy", which let users download paid apps and obtain in-app purchases, respectively.
Palo Alto Networks claims that "it appears this threat may have impacted users from 18 countries including China, France, Russia, Japan, United Kingdom, United States, Canada, Germany, Australia, Israel, Italy, Spain, Singapore, and South Korea." There is no way to contract this malware without a jailbroken device and access to the Weiphone Cydia repository that hosts the malware-laden software.