How to find and remove ‘KeyRaider’ malware on your jailbroken iOS device

BY Killian Bell

Published 4 Sep 2015

ios-malware

Researchers have discovered new malware for jailbroken iOS devices that intercepts iTunes traffic to steal your Apple account information. It’s called KeyRaider and it has stolen more than 250,000 accounts so far — and here’s how you can find and eliminate it.

Discovered by Palo Alto Networks, KeyRaider has mostly affected users in China, but it has made its way to 18 countries in total, making it a real concern for jailbreakers worldwide. You can avoid it by only installing trusted packages from reliable sources.

But if you haven’t always done that and you’re worried your device might be at risk, thankfully, Redditor Flu17 has a quick and easy method of finding and eliminating the malicious app. Here are the steps you need to take:

  1. Search Cydia for Filza File Manager and install
  2. Open the app and navigate to /Library/MobileSubstrate/DynamicLibraries/
  3. Select the first file ending in .dylib
  4. Inside this file, you’ll see lots of hex code. Use the search bar at the top to look for the following keywords:
    • wushidou
    • gotoip4
    • bamu
    • getHanzi
  5. If you find any of these things, your device is infected. To clean it, you must delete the file along with its corresponding .plist with the same name

“You must perform these steps for each and every .dylib file in the [/DynamicLibraries/] directory,” Flu17 warns. “Once you have cleared out the necessary files, reboot your device. Do not respring. Turn it off fully, then turn it on again.”

Once you have removed all of these files and restarted your iOS device, it will be free from the KeyRaider malware. Of course, your account may have already been compromised, in which case all you can do is change its password and be on the lookout for any unusual purchases.

We should note, however, that the risk of picking up KeyRaider outside of China is slim — especially if you live in the U.S., which is thought to be unaffected by it so far. But it’s still worth checking to be sure you device isn’t infected by it.

If you find KeyRaider on your device, you can also restore it with a fresh copy of iOS to remove the malicious files. However, this will remove your jailbreak and wipe all of your data, so you’ll have to repeat the jailbreaking process again once the restore is complete, and be sure to backup first.

Related Articles

iOS 17 logo

iOS 17 Could Bring a Control Center Overhaul

Sriansh
iOS 17 logo

iOS 17 Could Drop Support for These iPhone and iPad Models

Sriansh

iOS 16.5 and iPadOS 16.5 Beta 1 Features: What’s New

Sriansh
iOS 16.5 on iPhone

iOS 16.5 and iPadOS 16.5 Beta 1 Download Available Now

Sriansh
must-have-ipad-pro-pencil-apps-featured

IPAD PRO 2

Oct 30, 2016

11 Must Have Apps for Apple Pencil and iPad Pro Users

Khamosh Pathak

iPad Pro is a beast of a machine. Yes, it runs iOS but don’t let that fool you. iOS has many ways to be productive and for doing creative work. Granted, it’s different

Read More

MACOS

Jun 13, 2016

‘Apple File System’ Is the Company’s New File System for watchOS, iOS, tvOS, and macOS

Rajesh Pandey

It has long been rumored that Apple is working on a new file system to replace the archaic HFS+ file system that macOS currently uses. The company was expected to announce a new file system

Read More
Apple volunteer

APPLE NEWS

Mar 16, 2015

‘Apple Global Volunteer Program’ will let employees sign up to help local communities

Evan Selleck

Apple is no stranger to donating large sums of money to a cause, or to even help diversification within the tech industry. But now it's aiming to donate some individual human hours as well,

Read More

Want to know more about apple Products

We launch new articles subscribe and get updated. MAX 1 email a week. No spam, ever.

Cancel