A new malware που στοχεύει jailbroken iOS συσκευές της Apple, έκανε την appearance of. The malware targets user credentials, and was first discovered by Reddit users.
Η Reddit Jailbreak community platforms discovered it malware and named it "Unflod Baby Panda. ” Malware was found on some of Apple's jailbroken iOS devices last Thursday when some users noticed an unusual activity causing apps like Snapchat and Google Hangouts to crash.
A little later a developer discovered a mysterious file named “Unfold.dylib” on his jailbroken device and found that it collects Apple IDs and passwords from all of the logins on the infected device that use the Secure Socket Layer (SSL) to encrypt communications. According to researchers at German security firm SektionEins, the malware is believed to be spreading through Chinese iOS software websites.
The researchers found that the login information collected by the malware was sent to a server with IP "23.88.10.4" which was apparently managed by the Chinese. Continuing the investigation, they discovered that the malware is digitally signed by Wang Xin, as reported by THN.
"Currently, the Reddit Jailbreak community believes that deleting binary Unfold.dylib and changing your Apple ID password is enough to stop this attack. However, it is still unknown how the malware was found on the infected devices and therefore it is unknown whether in addition to this it has another useful (for hackers) load ", write the researchers.
“We believe, therefore, that the only safe way of removal is a complete one restore of the device, which means you will lose the jailbreak.”
Devices Affected
Owners of iPhone 5 and any other 32-bit device that is jailbroken iOS may be affected by malicious software. Owners of these devices will need to change their Apple ID password immediately after removing the malicious software using the steps listed below.
Owners of the latest iPhone with 64-bit processors such as iPhone 5S, iPad Air and iPad Mini Retina are not at risk from malware.
How to Remove Malware
- Download the free iFile application from Cydia.
- Go to / Library / MobileSubstrate / DynamicLibraries /
- If you find files named Unflod.dylib or Unflod.plist or framework.dylib and framework.plist then you are infected.
- Use iFile to delete Unflod.dylib or Unflod.plist or framework.dylib and framework.plist
- Restart your device and then change your Apple ID password and security questions.
