How to check if you have been affected by Keyraider malware

An easy method to check if your device is compromised by the Keyraider malware involves searching for strings on your device:

1. Install openssh server through Cydia

2. Connect to the device through SSH

3. Go to /Library/MobileSubstrate/DynamicLibraries/, and search for these strings to all files under this directory:

● wushidou

● gotoip4

● bamu

● getHanzi

If any dylib file contains any one of these strings, delete it and delete the plist file with the same filename, then reboot the device.

Change your Apple account password after removing the malware, and enable two-factor verifications for their Apple IDs.

Steps from iClarifed