Hackers have attacked jailbroken iOS devices and obtained access to more than 225,000
Palo Alto Networks said in a blog post this week that the malware, named KeyRaider, may have affected users from 18 countries including the U.S., China, France, Japan, Canada and Australia.
"We believe this to be the largest known Apple account theft caused by malware," the firm said. "KeyRaider steals Apple push notification service certificates and private keys, steals and shares App Store purchasing information, and disables local and remote unlocking functionalities on iPhones and iPads."
The attack makes it possible for people to download jailbreak tweaks to make unauthorized in-app purchases without paying for them.
"The tweaks have been downloaded over 20,000 times, which suggests around 20,000 users are abusing the 225,000 stolen credentials," Palo Alto Networks said.
It noted that some Apple users have reported that their accounts show abnormal app purchase history.
An Apple spokesman noted that the issue only affects users who have jailbroken devices and have downloaded malware from untrustworthy sources.
"We have taken steps to protect those affected by the issue by automatically helping the owners reset their iCloud account with a new password," the Cupertino, Calif., company said.
Apple and other smartphone makers strongly recommend against jailbreaking devices, which eliminates security layers designed to protect personal information. That opens the door for hackers to steal personal information, damage the device, attack your network or introduce malware, spyware or viruses.
Follow Andrea Chang on Twitter