225,000 Apple Accounts Stolen After Jailbreakers Escape iOS Walled Garden
If you take the plunge to root (or "jailbreak") a mobile device, you enter a world where software exists that wants nothing more than to ruin your day. Or perhaps even your device.
On the Android side, malware has popped up on occasion, but iOS has seemingly been relatively safe. But an exception has just been made, thanks to a piece of malware dubbed "KeyRaider". As its name suggests, all your keys are belong to this malware.
According to security firm Palo Alto Networks, over 225,000 jailbroken iOS devices have been plagued by this malware, and while it's primarily sourced from a network in China, phones worldwide are being infected.
The primary focus of the malware seems to be stealing a person's Apple ID, which can then be used to make fraudulent purchases on the App Store. It could also snatch such things as a phone ID and security certificates -- effectively, stuff that no one else should ever have. Palo Alto Networks even confirms that some people stricken with KeyRaider have had their devices "held" for ransom.
If your device is jailbroken and you have seen fraudulent charges on your account, you might want to look into whether or not you're one of the few who've actually come into contact with this malware. The article linked below points to a service provided by WeipTech that lets you see if your Apple account has been stolen, and also provides instructions on how to check it manually. One would hope that merely reinstalling iOS on the device to disable the jailbreak might be enough to rid the device of the malware, but it's not explicitly stated in this article.
The biggest lesson is this: unless you absolutely need to, don't jailbreak your iPhone.