KeyRaider Malware: What Is It & How To Remove It From iPhone

Android’s Stagefright vulnerability made a lot of people worried in the past few months. It also served the purpose of highlighting the fact that iOS remains the safer option among its competitors. If some of your iPhone-using friends have been boasting about their smartphone’s secure status lately, you can now tell them of the newly unearthed iOS malware named KeyRaider. As you might expect, the malware affects only jailbroken devices, as Apple isn’t likely to allow such an entity to make its way to the App Store. So, if you want to keep your Apple ID (and the credit card information associated with it) safe from hackers, there is a way of checking whether your iDevice has KeyRaider installed on it.

For now, there is no one-click solution that can help Cydia users get rid of KeyRaider. You will have to dive into the OS’ file structure and delete the malware from there.

KeyRaider Malware Removal

Most of the time, iFile is used when tinkering with iOS’ file structure and internal workings. In this case though, we will have to rely on a lesser-known file explorer. As great and simple as iFile is, it lacks the ability to search within system files. As you will see, this method requires users to check for any existing malware by painstakingly going through an extraordinarily large HEX file.

Looking for KeyRaider in iOS

  1. The file explorer we discussed earlier is named ‘Filza File Explorer’. Search for it on Cydia and install it like any other jailbreak app.
  2. Once installed, launch Filza.
  3. Go to the ‘Library’ folder, located on the app’s main screen.
  4. Head to ‘DynamicLibraries’, which is under the ‘MobileSubstrate’ folder.
  5. Open each dynamic library one by one. This refers to any file with a ‘.dylib’ extension.
  6. In each file, search for the items below, one after the other.
     • wushidou
     • gotoip4
     • bamu
     • getHanzi

     When the listed keywords are found, it means your iPhone has been affected by the KeyRaider malware.

Removing KeyRaider from iPhone

  1. Wherever you find the malicious keywords in your dynamic library files, that entire file has to be deleted.
  2. The second step is to look for the deleted file’s PLIST entry, and remove that as well. Long-pressing the entry will bring up the deletion option.
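
The same check can be scripted from a shell on the device instead of opening each file in Filza. This is an added example, not part of the original article: it assumes a POSIX shell and `grep` are installed, that the folders named above resolve to `/Library/MobileSubstrate/DynamicLibraries`, and that each library's PLIST shares its base name; the function names are hypothetical. It only reports what it finds and deletes nothing.

```shell
#!/bin/sh
# Added example: read-only scan for the four KeyRaider keywords listed above.
KEYRAIDER_STRINGS="wushidou gotoip4 bamu getHanzi"

# Print the keywords present in one file, space separated (empty if none).
# grep -a treats the binary dylib as text; -F matches the keyword literally.
keyraider_hits() {
    hits=""
    for kw in $KEYRAIDER_STRINGS; do
        if LC_ALL=C grep -aqF -- "$kw" "$1" 2>/dev/null; then
            hits="${hits:+$hits }$kw"
        fi
    done
    printf '%s' "$hits"
}

# Scan every *.dylib in a directory. For each flagged file print:
#   <dylib path>|<keywords found>|<companion plist, or "-" if absent>
# Exit status: 0 = nothing flagged, 1 = at least one hit, 2 = directory missing.
keyraider_scan() {
    # Default path is an assumption built from the folder names in the steps above.
    dir="${1:-/Library/MobileSubstrate/DynamicLibraries}"
    if [ ! -d "$dir" ]; then
        echo "no such directory: $dir" >&2
        return 2
    fi
    found=0
    for f in "$dir"/*.dylib; do
        [ -f "$f" ] || continue          # also skips the unexpanded glob
        h=$(keyraider_hits "$f")
        [ -n "$h" ] || continue
        # Assumption: the PLIST entry has the same base name as the dylib.
        plist="${f%.dylib}.plist"
        [ -f "$plist" ] || plist="-"
        printf '%s|%s|%s\n' "$f" "$h" "$plist"
        found=1
    done
    return $found
}
```

Source the file and run `keyraider_scan` with no argument to check the default folder; every line it prints names a dylib and PLIST pair to review and remove as described in the two steps above.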

KeyRaider has compromised more than 200,000 users so far, so most of us are safe as things stand. You can never be too careful about your money’s safety though.