More than 225,000 Apple accounts have been stolen from iPhone and iPad users by a jailbreak tweak dubbed “KeyRaider.” It’s thought to be the biggest theft of its kind on iOS, and most of the users affected live in China.

Discovered by Palo Alto Networks, KeyRaider intercepted iTunes traffic once installed on jailbroken iOS devices, collecting Apple usernames, passwords, and device IDs. While most of the users affected live in China, it’s thought KeyRaider was installed in 18 countries in total, including several throughout Europe. It doesn’t appear to have made its way to the U.S., however.

“KeyRaider steals Apple push notification service certificates and private keys, steals and shares App Store purchasing information, and disables local and remote unlocking functionalities on iPhones and iPads,” explains Palo Alto Networks.

Some victims report that unauthorized purchases were made with their accounts, while others say their devices have been “held for ransom,” leaving them unable to use them at all.

To be affected by KeyRaider, users must first have jailbroken their device and then installed the tweak. In China, however, where many Apple devices are purchased on the gray market, many are sold already jailbroken with third-party tweaks pre-installed.

Palo Alto Networks has provided step-by-step instructions that allow jailbreakers to find out whether KeyRaider has been installed on their device, which you can find via the source link below.

Via: Recode