How to Remove KeyRaider Malware from your iPhone

Jailbreaking iOS devices has a lot of benefits, which includes adding useful and exciting features to the iOS device. However, we all know that Apple hates jailbreaking, though most of the jailbreakers don’t understand the reason behind it. Jailbreaking can compromise the security of iOS and can lead to hackers stealing personal information of the users. And this reason has been proved by the incident that happened some days ago.

Image : Delete KeyRaider Malware

keyraider malware

We had reported earlier about the LockSaver Cydia tweak that was found to be a malware. And then we had reported that more than 220,000 iCloud credentials had been stolen due to a jailbreak backdoor and this was reported by a Chinese vulnerability reporting platform called WooYun. And now comes the news that a new malware for jailbroken iOS devices has been discovered by researchers. According to the researchers, the malware intercepts the traffic of iTunes for stealing the Apple account information of the users. The malware is called KeyRaider and it is being said that the malware has stolen more than 250,000 accounts till now.

Palo Alto Networks is responsible for discovering this malware and according to them, the users in China are the most affected ones. But the malware is not limited to China and has spread to 18 countries, thus endangering all the jailbroken iOS devices. The best way to avoid such a malware is to install packages only from trusted and reliable sources.

However, in case you have not always followed such precautions and if you are worried about your device getting hacked, then there is an easy and quick method of searching and finishing the malware.

How to Get Rid of KeyRaider iOS Malware

Method 1 :

  1. Go to Cydia and search for Filza File Manager and install it. More information about Filza file manager can be found in the given link .
  2. Now open the Filza File Manager and go to /Library/MobileSubstrate/DynamicLibraries/ filza_file_manager
  3. Now choose the first file that ends with .dylib.
  4. In this file, there will be a lot of hex code. Just use the search bar at the top for searching these keywords:
    • wushidou
    • gotoip4
    • bamu
    • getHanzi
  5. In case any of the above keywords exist, then it means that your device has been infected by the malware. So you must delete the file at once along with its corresponding .plist of the same name. This will remove the malware from your device permanently.

Method 2 : 

A new jailbreak tweak called DylibSearch helps you check whether your jailbroken iOS device has any known malware or malicious tweaks or not, like the KeyRaider malware that we told you about. DylibSearch actually scans the contents of all the .dylib files that are present in the MobileSubstrate directory of the file system. DylibSearch is an open source tweak available at the following repo for free download :

Add this repo on Cydia and after installing DylibSearch, launch it. It will show you a list of all the .dylib files that have been found in the /Library/MobileSubstrate/DynamicLibraries. The clean [ non-infected ]files will carry a green check mark next to their name, while the infected files will get a red ‘x’ icon.


The infected files will need to be removed manually by using an app such as iFile to go to the DynamicLibraries folder and delete the infected files.

Flu17 states that :

You must perform these steps for each and every .dylib file in the [/DynamicLibraries/] directory. Once you have cleared out the necessary files, reboot your device. Do not respring. Turn it off fully, then turn it on again.

After all these files have been found and deleted, restart your iOS device and it will be freed completely from the KeyRaider malware.

power off shutdown


It is possible that your account may have been compromised already, but you can still change the password of your account immediately and look out for any unusual purchases. The chance of KeyRaider being found outside China is very low, especially low in the US which has not been affected by the malware till now. Yet you should make sure that you check your device through the above given procedure to remain 100% safe.

Stay Tuned to Cydia Updates by Subscribing to our Email newsletter for Breaking News and Follow us on Facebook for latest updates .

2 thoughts on “How to Remove KeyRaider Malware from your iPhone

    • @Sam that’s exactly why DylibSearch is an open source cydia app . You can check its source code on GitHub to clear any doubt that you have.

Leave a Comment