Find And Remove KeyRaider Malware From Your iPhone, Here’s How

A few days ago we told you about the KeyRaider malware that is infecting jailbroken devices and is seemingly spread by those downloading jailbreak tweaks from less than reputable sources. While it’s difficult to have too much sympathy for anyone caught out because they were stealing tweaks, it isn’t any fun for anyone to have their iOS device held to ransom by a hacker. And that’s exactly what is happening to some of the people affected by KeyRaider.

KeyRaider also set about stealing the Apple IDs of those affected, which at least gave people a way to check whether they were affected after Palo Alto Networks and WeipTech created a web tool which allowed users to enter their Apple ID email address in order to see if it was compromised. That’s great, but wouldn’t it be even better if you could check your devices for the root of the problem, KeyRaider itself, and then remove it?


That’s what a new jailbreak tweak is making possible. Posted first on Reddit, DylibSearch app is currently in beta and while it can scan all of the .dylib files in an iOS device’s MobileSubstrate folder for known strings relating to KeyRaider, it can’t yet delete them. That means it’s left to you, the user, to do the cleanup using an app like iFile to delete the affected files. Still, it’s better than nothing, that’s for sure!

Here’s how you install DylibSearch.

  1. Add the following repository to Cydia: http://wolfposd.github.io/
  2. Install DylibSearch and launch it.

Following the automatic scan, you’ll be shown green checkmarks for files that are fine and red crosses for those that aren’t, as shown in the image below.

[Image: DylibSearch scan results]

If you get red crosses for any files, it means your device is infected with KeyRaider. Make a note of these file names. Install a file management app like iFile on your device from Cydia. Navigate to the /Library/MobileSubstrate/DynamicLibraries folder, find the files DylibSearch listed and delete them.
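To show what a scan like DylibSearch’s actually does under the hood, here is an added example written for this article; it is not DylibSearch’s code and not from the tweak’s developer. It walks a folder of .dylib files, checks each one for known indicator byte strings and reports what it found, and rather than deleting hits it moves them into a quarantine folder so you can inspect or restore them. The article does not list KeyRaider’s indicator strings, so the `INDICATORS` values below are placeholders, as are the constructed sample files that `build_demo_dir()` writes; swap in real indicators from a vendor report before using this for anything other than a demonstration.

```python
import os
import shutil
import tempfile
from pathlib import Path

# Folder that DylibSearch scans on a jailbroken device (named in the article).
DEFAULT_DIR = Path("/Library/MobileSubstrate/DynamicLibraries")

# PLACEHOLDERS: the article gives no KeyRaider indicator strings. These are
# invented values for the demo, not real indicators of compromise.
INDICATORS = [
    b"PLACEHOLDER_KEYRAIDER_STRING_1",
    b"PLACEHOLDER_KEYRAIDER_STRING_2",
]


def scan_file(path, indicators=INDICATORS, chunk_size=1 << 20):
    """Return the sorted list of indicator strings present in one file.

    Dylibs are binaries, so the file is read as bytes in chunks. Each chunk is
    prefixed with the tail of the previous one (longest indicator minus one
    byte) so that a string straddling a chunk boundary is still matched.
    """
    found = set()
    overlap = max(len(s) for s in indicators) - 1
    tail = b""
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(chunk_size)
            if not chunk:
                break
            window = tail + chunk
            for s in indicators:
                if s in window:
                    found.add(s)
            tail = window[-overlap:] if overlap > 0 else b""
    return sorted(found)


def scan_dir(directory=DEFAULT_DIR, indicators=INDICATORS, chunk_size=1 << 20):
    """Map each .dylib file name in the folder to the indicators it contains.

    An empty list means the file is clean (a "green checkmark"); a non-empty
    list is a hit (a "red cross"). Files that are not .dylib are ignored,
    matching the scope of the scan the article describes.
    """
    results = {}
    for p in sorted(Path(directory).glob("*.dylib")):
        results[p.name] = scan_file(p, indicators, chunk_size)
    return results


def quarantine(directory, results, quarantine_dir=None):
    """Move every flagged dylib out of the MobileSubstrate load path.

    Moving rather than deleting keeps the file available for inspection or
    for restoring a false positive. Returns the names of the files moved.
    """
    directory = Path(directory)
    qdir = Path(quarantine_dir) if quarantine_dir else directory / "quarantine"
    qdir.mkdir(parents=True, exist_ok=True)
    moved = []
    for name, hits in sorted(results.items()):
        if hits:
            shutil.move(str(directory / name), str(qdir / name))
            moved.append(name)
    return moved


def build_demo_dir():
    """Create a temporary folder of CONSTRUCTED sample files for the demo.

    - clean.dylib: filler bytes, no indicator
    - suspect.dylib: filler bytes with one placeholder indicator embedded
    - notes.txt: contains an indicator but is not a .dylib, so it is skipped
    """
    d = Path(tempfile.mkdtemp(prefix="dylibsearch_demo_"))
    (d / "clean.dylib").write_bytes(b"\xcf\xfa\xed\xfe" + os.urandom(64))
    (d / "suspect.dylib").write_bytes(b"A" * 37 + INDICATORS[0] + b"B" * 11)
    (d / "notes.txt").write_bytes(INDICATORS[1])
    return str(d)


if __name__ == "__main__":
    demo = build_demo_dir()
    report = scan_dir(demo)
    for name, hits in report.items():
        mark = "RED CROSS" if hits else "green check"
        print(f"{mark:11} {name} {[h.decode() for h in hits]}")
    print("quarantined:", quarantine(demo, report))
```

The chunked read matters more than it looks: a naive `fh.read()` on every dylib is fine for small tweaks but wasteful on large binaries, and a chunked read without the overlap silently misses any indicator that happens to fall across a boundary. Passing a tiny `chunk_size` to `scan_dir` is an easy way to exercise that path when testing.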

The tweak’s developer has also made its source code available, should you want to poke around.

And remember folks, keep yourself safe. It’s a jungle out there.
