226,000 iPhones compromised by Chinese hackers

The student, a member of an amateur group called Weiptech, made the discovery after the group began researching reports of unauthorized purchases being made on Apple accounts in July.

After reporting it last week, California-based Palo Alto Networks analyzed the findings and found that malware had been used to siphon passwords and personal information from “jailbroken” iPhones. The term is used to describe devices that users have modified to loosen restrictions that Apple places on its products. For example, Apple prevents users from downloading applications that Apple doesn’t offer through its own store.

Palo Alto Networks named the malware “KeyRaider” because “it raids victims’ passwords, private keys and certificates.” The report also noted that KeyRaider “steals Apple push notification service certificates and private keys, steals and shares App Store purchasing information, and disables local and remote unlocking functionalities on iPhones and iPads.”

That information was then sent to a third-party server in China, allowing the thieves to access payment information and control devices remotely. “Some victims have reported that their stolen Apple accounts show abnormal app purchasing history and others state that their phones have been held for ransom,” the report stated.

Weiptech located the online database where the information was being stored and managed to eliminate much of the information before the thieves shut it down. “The WeipTech researchers dumped around half of all entries in the database before a website administrator discovered them and shut down the service,” the report said.

Weiptech is assisting potential victims to query whether their information was affected. Users of non-jailbroken devices are not at risk.

In addition to the United States, the hack affected users in 17 countries that included China, France, Russia, Japan, United Kingdom, Canada, Germany, Australia, Israel, Italy, Spain, Singapore and South Korea.