
S0288 KeyRaider

KeyRaider is malware that steals Apple account credentials and other data from jailbroken iOS devices. It also has ransomware functionality. [1]

| Item | Value |
| --- | --- |
| ID | S0288 |
| Version | 1.0 |
| Created | 25 October 2017 |
| Last Modified | 24 October 2022 |
| Navigation Layer | View In ATT&CK® Navigator |

Techniques Used

| Domain | ID | Name | Use |
| --- | --- | --- | --- |
| mobile | T1638 | Adversary-in-the-Middle | Most KeyRaider samples hook the SSLRead and SSLWrite functions in the itunesstored process to intercept device communication with the Apple App Store. [2] |
| mobile | T1426 | System Information Discovery | Most KeyRaider samples search the data being transferred for the Apple account's username and password and the device's GUID. [1] |