Hackers have stolen more than 225,000 Apple accounts from iPhone customers.
Security company Palo Alto Networks is calling the attack "the largest known Apple account theft caused by malware." Palo Alto Networks (PANW) discovered the hack along with Chinese tech group WeipTech.
The good news for most iPhone customers is that the malware, nicknamed KeyRaider, only targets "jailbroken" iPhones.
Jail-breaking allows iPhone owners to access parts of a phone's file systems that are otherwise restricted for security reasons.
KeyRaider is mostly found in Chinese websites and apps that provide software for jailbroken iPhones. But the malware has spread far beyond China, showing up in 18 countries, including the United States.
Once infected with the KeyRaider malware, a jailbroken iPhone will give up all of its owner's iTunes App Store information to the hackers, including the Apple (AAPL) account username, password and the iPhone's unique ID. It also steals all the information about the owner's App Store purchases and prevents people from recovering their phones once they've been hijacked.
The hackers aren't keeping all that for themselves: They have allowed other people to take advantage of the stolen account information.
The hackers have uploaded software that lets other people purchase iTunes apps for "free," using the victims' accounts. About 20,000 people have downloaded the software that lets them steal from the 225,000 affected iPhone owners.
Palo Alto Networks said victims have reported that their Apple account purchase history has displayed apps they never bought. Others say their phones have been locked, and the hackers are demanding a ransom to return access to the owners.
Jailbreaking phones can be a useful way for technologically savvy iPhone owners to customize their devices to their liking and install apps that don't appear on the iTunes App Store. But it also bypasses some important barriers Apple puts in place to prevent these kind of attacks from happening.
"Users ... need to consider carefully if the additional functionality is worth the additional risk," said Nicko Van Someren, chief technology officer of mobile security company Good Technology.