A new malware targeting jailbroken Apple iOS devices has made its appearance. The malware targets user credentials, and was first discovered by users of Reddit.
The Reddit Jailbreak community discovered the malware and named it "Unflod Baby Panda." It was found on some jailbroken Apple iOS devices last Thursday, when some users noticed unusual activity causing apps like Snapchat, Facebook and Google Hangouts to crash.
Shortly afterwards, a developer discovered a mysterious file called "Unflod.dylib" on his jailbroken device and found that it was collecting Apple IDs and passwords from all connections on the infected device that use Secure Sockets Layer (SSL) to encrypt communications. According to researchers from the German security company SektionEins, the malware is believed to be spreading through Chinese iOS software websites.
The researchers found that the login information collected by the malware is sent to a server with the IP address "23.88.10.4", which appears to be managed by Chinese people. Continuing their research, they discovered that the malware is digitally signed by Wang Xin, THN reports.
"Currently, the Reddit Jailbreak community believes that deleting the Unflod.dylib binary and changing the Apple ID password is enough to stop this attack. However, it is still unknown how the malware ended up on the infected devices, and it is therefore unknown whether it carries any other payload (useful to the hackers) besides this one," write the researchers.
"We therefore believe that the only safe way to remove it is a complete restore of the device, which means that you will lose the jailbreak."
Devices Affected
Owners of an iPhone 5 or any other jailbroken 32-bit iOS device may be affected by the malicious software. Owners of these devices will need to change their Apple ID password immediately after removing the malicious software using the steps listed below.
Owners of the latest devices with 64-bit processors, such as the iPhone 5S, iPad Air and iPad Mini Retina, are not at risk from the malware.
How to Remove Malware
- Download the free iFile application from Cydia.
- Go to /Library/MobileSubstrate/DynamicLibraries/
- If you find files named Unflod.dylib or Unflod.plist, or framework.dylib and framework.plist, then you are infected.
- Use iFile to delete Unflod.dylib or Unflod.plist, or framework.dylib and framework.plist.
- Restart your device and then change your Apple ID password and security questions.
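
The check in the steps above can also be scripted. The following is an added example, not code from the researchers or from the original article: it looks for the four file names listed above and, as a heuristic for renamed copies, for any library that contains the server address mentioned earlier. The function name `scan_unflod` is hypothetical, a POSIX shell with `grep` is assumed, and the address is assumed to be stored as plain text inside the library.

```shell
#!/bin/sh
# Added example: look for the indicators named in this article under a
# filesystem root. Pass / on the device, or the directory holding a copy
# of the device's filesystem.

# File names from the removal steps above.
UNFLOD_NAMES="Unflod.dylib Unflod.plist framework.dylib framework.plist"
# Server address from the article. Assumption: it is stored as plain text
# inside the library, so this second check is a heuristic only.
UNFLOD_IP="23.88.10.4"

# scan_unflod ROOT
# Prints one "name-match" or "ip-match" line per finding.
# Returns 0 when nothing is found, 1 when at least one indicator is present.
scan_unflod() {
    dir="${1%/}/Library/MobileSubstrate/DynamicLibraries"
    found=0
    [ -d "$dir" ] || return 0   # no MobileSubstrate directory, nothing to check

    for name in $UNFLOD_NAMES; do
        if [ -e "$dir/$name" ]; then
            echo "name-match $dir/$name"
            found=1
        fi
    done

    # Catch a renamed copy: any library that contains the server address.
    for lib in "$dir"/*.dylib; do
        [ -f "$lib" ] || continue
        if grep -qF "$UNFLOD_IP" "$lib"; then
            echo "ip-match $lib"
            found=1
        fi
    done
    return "$found"
}

# Run only when a root is given on the command line, e.g.  sh check.sh /
if [ "$#" -gt 0 ]; then
    scan_unflod "$1"
fi
```

A clean result here only means these specific indicators are absent; it does not change the researchers' point that a full restore is the only safe removal.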