S0288 KeyRaider
KeyRaider is malware that steals Apple account credentials and other data from jailbroken iOS devices. It also has ransomware functionality. 1
| Item | Value |
|---|---|
| ID | S0288 |
| Associated Names | |
| Type | MALWARE |
| Version | 1.1 |
| Created | 25 October 2017 |
| Last Modified | 11 December 2018 |
| Navigation Layer | View In ATT&CK® Navigator |
Techniques Used
| Domain | ID | Name | Use |
|---|---|---|---|
| mobile | T1446 | Device Lockout | KeyRaider has built-in functionality to lock victims out of devices and hold them for ransom.1 |
| mobile | T1410 | Network Traffic Capture or Redirection | Most KeyRaider samples hook SSLRead and SSLWrite functions in the itunesstored process to intercept device communication with the Apple App Store.1 |
| mobile | T1426 | System Information Discovery | Most KeyRaider samples search to find the Apple account’s username, password and device’s GUID in data being transferred.1 |