Warning: Malware Campaign targeting Jailbroken Apple iOS Devices

A new piece of malware targeting jailbroken Apple iOS devices in an attempt to steal users' Apple ID credentials has been discovered by Reddit users.

The Reddit jailbreak community discovered the infection, dubbed 'Unflod Baby Panda', on Thursday after a user noticed that a file on his jailbroken iPhone was causing apps such as Snapchat and Google Hangouts to crash repeatedly.

CHINA WANTS YOUR APPLE ID & PASSWORDS
Jailbreak developers then examined the mysterious 'Unflod.dylib' file. According to researchers at the German security firm SektionEins, the infection targets jailbroken iOS handsets and captures Apple IDs and passwords from Internet sessions that use Secure Sockets Layer (SSL) encryption; it is believed to be spreading through Chinese iOS software sites.

The researchers found that the captured login information is sent to a server at the IP address 23.88.10.4, which is suspected to be controlled by individuals in China; the malware's developer certificate is signed under the name Wang Xin.
"Currently the jailbreak community believes that deleting the Unflod.dylib binary and changing the apple-id's password afterwards is enough to recover from this attack. However it is still unknown how the dynamic library ends up on the device in the first place and therefore it is also unknown if it comes with additional malware gifts," the researchers wrote while inspecting the infection. "We therefore believe that the only safe way of removal is a full restore, which means the removal and loss of the jailbreak," they added.
Immediately after the thread was started on the Reddit jailbreak community, several developers warned users not to touch the software, which they suspected was malware. The researchers noted that manual removal of the files is possible, but because the infection vector is still unknown they recommend a full restore.

AFFECTED DEVICES
Owners of the iPhone 5 and any other 32-bit jailbroken iOS device may be affected. They are advised to remove the malicious files using the steps below and then change their Apple ID password.

Owners of the latest 64-bit iOS devices, such as the iPhone 5S, iPad Air and iPad mini with Retina display, are reported not to be affected by this malware.

HOW TO REMOVE MALWARE
  • Install the free iFile app from Cydia and use it to check whether your device is affected.
  • Navigate to /Library/MobileSubstrate/DynamicLibraries/
  • If you find files named Unflod.dylib or Unflod.plist, and/or framework.dylib and framework.plist, your device is affected.
  • Use iFile to delete Unflod.dylib and Unflod.plist, and/or framework.dylib and framework.plist.
  • Reboot the device, then immediately change your Apple ID password and security questions. To be on the safe side, enable two-step verification and avoid installing apps from untrusted sources.
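The check and removal steps above can also be done from a terminal on the device (for example over SSH from Cydia's OpenSSH package) or against a copy of the DynamicLibraries directory pulled off the device. The script below is an added example written for this page, not code from SektionEins or the Reddit thread. It looks for the four indicator file names listed above and additionally greps every .dylib in the directory for the reported exfiltration address 23.88.10.4, since a renamed copy of the library would be missed by a file-name check alone. The function names, the default directory argument and the string-grep heuristic are this example's own assumptions.

```shell
#!/bin/sh
# Added example (not from the original article): scan a MobileSubstrate
# DynamicLibraries directory for the Unflod indicators named in the article.
# Assumes a POSIX sh with grep and rm, as found on a jailbroken device over SSH.

# File names given in the article's removal steps.
UNFLOD_IOC_FILES="Unflod.dylib Unflod.plist framework.dylib framework.plist"
# Server address the article reports credentials being sent to.
UNFLOD_IOC_IP="23.88.10.4"

# unflod_scan [DIR]: print one line per indicator hit.
# Returns 0 if anything was found, 1 if the directory looks clean.
unflod_scan() {
    dir="${1:-/Library/MobileSubstrate/DynamicLibraries}"
    hits=0
    for f in $UNFLOD_IOC_FILES; do
        if [ -e "$dir/$f" ]; then
            echo "IOC file: $dir/$f"
            hits=$((hits + 1))
        fi
    done
    # Heuristic (assumption): the address is stored as a plain string in the
    # binary, so a quiet grep over each dylib catches a renamed copy too.
    for lib in "$dir"/*.dylib; do
        [ -f "$lib" ] || continue
        if grep -q "$UNFLOD_IOC_IP" "$lib" 2>/dev/null; then
            echo "IOC string $UNFLOD_IOC_IP in: $lib"
            hits=$((hits + 1))
        fi
    done
    [ "$hits" -gt 0 ]
}

# unflod_remove [DIR]: delete only the indicator files by name. Grep hits are
# left for manual review, because another tweak could legitimately contain
# that string. Reboot and change the Apple ID password afterwards.
unflod_remove() {
    dir="${1:-/Library/MobileSubstrate/DynamicLibraries}"
    for f in $UNFLOD_IOC_FILES; do
        [ -e "$dir/$f" ] && rm -f "$dir/$f" && echo "removed $dir/$f"
    done
    return 0
}

# Usage on the device:  unflod_scan && unflod_remove
```

Deleting the files only follows the community's manual-removal advice; as quoted above, SektionEins consider a full restore the only safe recovery because the infection vector is unknown.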

Most iPhone users are not vulnerable to this malware, as the infection requires a jailbroken handset in order to be installed. The malware has also not been found in any app on the Apple App Store, which is subject to Apple's app review process.