220,000 iCloud Account Leaked. How To Check Your Account Has Affected?

Few days ago a Chinese online vulnerability reporting platform called WooYun was reported 220,000 iCloud accounts being hacked, by built-in KeyRaider maiware through jailbreak tweaks installed on devices. It is believed that the backdoors implemented in jailbroken iPhones and iPads were used to acquire confidential iCloud information.

According to a post on Reddit, the hackers can access personal data, including emails and photos on affected devices due to leaked credentials. iOS users are advised to enable 2-factor authentication for your iCloud account. In addition, do not install jailbreak tweaks from unknown and untrusted sources to help protect ourselves.

By the way, we can check is there any KeyRaider installed on ours iOS devices manually.

Check iCloud Account

On jailbreak devices, add “http://cydia.angelxwind.net” to Cydia source, then search for “MobileTerminal” and installed (521-karen-1 version).

iCloud account leaked

A terminal app appeared on your iOS devices. Tap on it and key in “grep -r wushidou /Library/MobileSubstrate/DynamicLibraries/*” command, then tap on “return”.

iCloud%20account 1

Now you can find any trojans inside devices. If you didn’t see any result appeared on the screen, you are saved.

iCloud%20account 2

Hoover, if you see something appeared on the screen as below,

iCloud%20account 3

Your iOS devices already infected by Keyraider malware. The screenshot as above showed that “mobileprovision.dylib” plugin contained some trojans.

You can use an iFile app to search for “Library/MobileSubstrate/DynamicLibraries/” folder, then delete the trojan that you found with MobileTerminal app.