Skip to content

S0288 KeyRaider

KeyRaider is malware that steals Apple account credentials and other data from jailbroken iOS devices. It also has ransomware functionality. 1

Item Value
ID S0288
Associated Names
Version 1.1
Created 25 October 2017
Last Modified 11 December 2018
Navigation Layer View In ATT&CK® Navigator

Techniques Used

Domain ID Name Use
mobile T1446 Device Lockout KeyRaider has built-in functionality to lock victims out of devices and hold them for ransom.1
mobile T1410 Network Traffic Capture or Redirection Most KeyRaider samples hook SSLRead and SSLWrite functions in the itunesstored process to intercept device communication with the Apple App Store.1
mobile T1426 System Information Discovery Most KeyRaider samples search to find the Apple account’s username, password and device’s GUID in data being transferred.1


Back to top