How to Clear ‘KeyRaider’ Malware on Jailbroken iPhone

‘KeyRaider’ is iOS malware found by Palo Alto Networks that lurks on jailbroken iOS devices to steal users’ Apple account information. According to statistics, the KeyRaider malware has stolen more than 250,000 Apple accounts so far.

We typically install new jailbreak tweaks from credible, well-known Cydia sources, and this is safe. However, some untrusted repos may harbor KeyRaider malware. If you have installed Cydia tweaks from such unknown sources, we recommend that you immediately check your device to determine whether it is already infected with KeyRaider.

If you have never done that, you do not need to worry about your device being at risk. Here is a simple way to diagnose and remove KeyRaider malware on your jailbroken device.

How to Clear ‘KeyRaider’ Malware Without a Firmware Restore

Step 1: Launch Cydia Store on your jailbroken device.

Step 2: Search for Filza File Manager in Cydia and install it.
Step 3: Once you have installed the app, open it and navigate to /Library/MobileSubstrate/DynamicLibraries/
Step 4: Select the first file ending in .dylib.
Step 5: Inside this file, you’ll see lots of hex code. Use the search bar at the top to look for the following keywords:

  • wushidou
  • gotoip4
  • bamu
  • getHanzi

Step 6: If you find any of these keywords, your device is infected. To clean it, you must delete the file along with the corresponding .plist of the same name.

Note: You must perform these steps for each and every .dylib file in the [/DynamicLibraries/] directory.

Step 7: Once you have cleared out the necessary files, reboot your device (a full reboot, not a respring).
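
Steps 3 to 6 can also be carried out from a shell on the device instead of opening each file in Filza. The script below is an added example, not part of the original guide: it assumes a root shell (for example over SSH) with grep installed, searches every .dylib for the four keywords listed above, and only reports matches together with their companion .plist. The function name scan_dylibs and the demo files are constructed for illustration.

```shell
#!/bin/sh
# Added example: report-only scan for the four KeyRaider keywords from Step 5.
# Assumption: a POSIX shell and grep are available on the device.

KEYWORDS='wushidou gotoip4 bamu getHanzi'

# scan_dylibs DIR
# Prints one tab-separated line per matching file:
#   <dylib path>  <matched keywords>  <companion .plist, or - if absent>
# Returns 0 if nothing matched, 1 if any file matched, 2 if DIR is missing.
scan_dylibs() {
    dir=$1
    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }
    found=0
    for f in "$dir"/*.dylib; do
        [ -f "$f" ] || continue            # glob matched nothing
        hits=''
        for kw in $KEYWORDS; do
            # -a: search binary data as text, -q: no output, -F: fixed string
            if grep -aqF -- "$kw" "$f"; then
                hits="${hits:+$hits,}$kw"
            fi
        done
        [ -n "$hits" ] || continue
        plist="${f%.dylib}.plist"          # same name, .plist extension (Step 6)
        [ -f "$plist" ] || plist='-'
        printf '%s\t%s\t%s\n' "$f" "$hits" "$plist"
        found=1
    done
    return "$found"
}

# Demo on constructed files so the script runs anywhere. On a device, call:
#   scan_dylibs /Library/MobileSubstrate/DynamicLibraries
demo=$(mktemp -d)
printf '\000\001clean tweak code\000' > "$demo/Good.dylib"
printf '\000\001xx wushidou\000getHanzi\000' > "$demo/Bad.dylib"
: > "$demo/Good.plist"; : > "$demo/Bad.plist"
scan_dylibs "$demo" || echo "Matches listed above: delete each .dylib and its .plist, then reboot."
rm -rf "$demo"
```

The script deliberately deletes nothing; review each reported file before removing it and its .plist as described in Step 6.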

Once you have removed all of the above files and rebooted your iOS device, the KeyRaider malware should be cleared. Even so, we still recommend that you change your account password.