Find And Remove KeyRaider Malware From Jailbroken iPhone, iPad – How To

Hawon Nguyen

Apple's iOS has a reputation for strong security, and several studies have found that Android devices are compromised far more often than iPhones or iPads. Such statistics do not make iOS unbreakable, though, least of all on a jailbroken device. Researchers at Palo Alto Networks recently analysed malware targeting jailbroken iPhones and iPads that they named KeyRaider; it is behind the largest known theft of Apple accounts by malware, with over 225,000 Apple ID (iCloud) credentials stolen.


Victims have been identified in at least 18 countries, including China, the United States, Australia and South Korea. An infected device captures the Apple account credentials it sends to Apple's servers and uploads them, together with the device's certificates and keys, to the attackers, who have used the stolen accounts to let other people download paid apps for free and, in some cases, to lock the device remotely and demand a ransom.

What matters now is how to find and remove this malware if it is on your device. First of all, do not panic: a jailbroken device is not automatically infected. KeyRaider is distributed as a Cydia tweak, so it can only have reached your iPhone or iPad through an untrusted repository, an unreliable package, or a pirated jailbreak tweak.

Reddit user Flu17 has posted a simple method for checking a jailbroken iOS device for KeyRaider and removing it; the steps are outlined below.

How To Find And Remove KeyRaider Malware

1. Launch Cydia and install Filza File Manager from the BigBoss repo.

2. Once installed, launch the app from your device's home screen and go to the following location:

/Library/MobileSubstrate/DynamicLibraries/

3. Choose the first file ending with:

.dylib

4. Filza opens the file in its hex viewer, which looks intimidating but does not need to be read. Use the search feature to look for each of the following strings:

wushidou
gotoip4
bamu
getHanzi

If none of those strings is present, the file is clean. If any of them is, the device is infected: delete that .dylib together with the '.plist' of the same name in the same directory (the plist is the MobileSubstrate filter that tells the loader which processes to inject the library into).

Repeat steps 3 and 4 for every .dylib in the directory, not just the first one. Once all matching files are gone, do not just respring: power the device off completely and turn it back on. A respring only restarts SpringBoard, and a copy of the library may already be loaded into other running processes.
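The steps above amount to a string search over every .dylib in one directory, which is tedious to do by hand in a hex viewer. The following POSIX shell script is an added example (it is not from the article or from Flu17's Reddit post) that performs the same check over an SSH session on the device. It assumes OpenSSH and a shell have been installed from Cydia and that you are logged in as root; the directory path and the four indicator strings are the ones the article gives, while the quarantine directory and the function names are this example's own choices.

```shell
#!/bin/sh
# Added example, not the article's or Flu17's own code: scan MobileSubstrate's
# DynamicLibraries directory for the four KeyRaider strings and quarantine hits.
# Assumes a POSIX sh and grep (e.g. from Cydia's OpenSSH/coreutils packages)
# and that it is run as root on the jailbroken device. DYLIB_DIR can be
# overridden in the environment to scan a copy of the directory elsewhere.

DYLIB_DIR=${DYLIB_DIR:-/Library/MobileSubstrate/DynamicLibraries}
KEYRAIDER_STRINGS="wushidou gotoip4 bamu getHanzi"   # strings from the article

# keyraider_scan DIR
# Prints "<dylib path><TAB><matching string>" for each .dylib in DIR that
# contains at least one indicator string.
# Returns 0 when nothing matched, 1 when something did, 2 if DIR is missing.
keyraider_scan() {
    scan_dir=$1
    if [ ! -d "$scan_dir" ]; then
        echo "keyraider_scan: no such directory: $scan_dir" >&2
        return 2
    fi
    hits=0
    for lib in "$scan_dir"/*.dylib; do
        [ -f "$lib" ] || continue        # no .dylib at all: the glob stays literal
        for needle in $KEYRAIDER_STRINGS; do
            # -F: match a fixed string, not a regex; -q: exit status only,
            # which works on binary files without printing "Binary file matches".
            if grep -q -F -e "$needle" "$lib"; then
                printf '%s\t%s\n' "$lib" "$needle"
                hits=1
                break                     # one hit per file is enough
            fi
        done
    done
    return $hits
}

# keyraider_count DIR
# Number of matching .dylib files, for a one-line summary.
keyraider_count() {
    keyraider_scan "$1" | wc -l | tr -d ' '
}

# keyraider_quarantine DIR QUARANTINE_DIR
# Moves every matching .dylib and its same-named .plist (the MobileSubstrate
# filter that decides which processes the library is injected into) out of
# DIR into QUARANTINE_DIR. Moving rather than deleting keeps the sample for
# later analysis; use rm -f instead of mv if you want it gone for good.
keyraider_quarantine() {
    scan_dir=$1
    qdir=$2
    mkdir -p "$qdir"
    tab=$(printf '\t')
    keyraider_scan "$scan_dir" | while IFS=$tab read -r lib needle; do
        echo "quarantining $lib (matched '$needle')"
        mv "$lib" "$qdir"/
        plist="${lib%.dylib}.plist"
        if [ -f "$plist" ]; then
            mv "$plist" "$qdir"/
        fi
    done
    # A respring is not enough: the library may already be loaded into
    # processes other than SpringBoard, so the device must be fully rebooted.
    echo "done; now power the device off and on again (a respring is not enough)"
}

# Typical use on the device:
#   sh keyraider_scan.sh            -> lists matches in $DYLIB_DIR, if any
#   keyraider_quarantine "$DYLIB_DIR" /var/root/keyraider-quarantine
if [ "${1:-}" = "--scan" ]; then
    keyraider_scan "$DYLIB_DIR"
fi
```

Two caveats. The check is a plain string match against the strings seen in the published KeyRaider samples, so a repackaged variant that renames those symbols would pass it unnoticed: a clean scan is evidence, not proof. Conversely, a short string such as "bamu" could in principle appear in an unrelated tweak, so look at the file name and which repository it came from before removing a hit. Run the scan again after the reboot to confirm nothing was re-installed.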

After the reboot the device should no longer carry the KeyRaider library, but the credentials it captured while installed may already be in the attackers' hands. Change your Apple ID password (the same account iCloud uses) at appleid.apple.com or via iCloud.com and set up two-step verification. Do this even if the device now looks clean: the malware stole the password in transit, and removing the tweak does not revoke what was already sent.
