Apple ID credentials at risk on jailbroken iPhones to newly discovered malware campaign
The issue here is akin to malware reports about Android. With a jailbroken iPhone, you can load applications from any source and be on your way. However (and you can see where this is going), for those that know just enough, there is an active malware campaign underway that steals Apple ID data from jailbroken iOS devices.
The malware is being called “unflod,” based on the name of the file and where resides on infected devices. Word about this problem started to come to light last week. People were reporting that their jailbroken iOS devices were experiencing ongoing crashes.
By now, you should be able to glean that these people were installing apps from sources outside of iTunes or even Cydia, which is an alternative market for jailbroken devices. A security researcher determined that “unflod” gets into the SSLWrite function of the security framework and then it scans for data containing the user’s Apple ID and password. Once those items are found, the data is zapped to servers under control of whomever created the malware.
If you have a jailbroken iOS device and you download a lot of apps outside of Cydia, open the SSH/Terminal and search the file folder /Library/MobileSubstrate/DynamicLibraries for “Unflod.dylib” file. Fixing the problem might be as easy as deleting the dynamic library, but it is not known how the file is installed so no one knows for sure.
If you do manage to fix that problem, one way to avoid it happening in the future is to first, change your Apple ID password, and then restore your iOS device to a factory build of the OS (we know, that may be a tall order for some).
Either way, it boils down to a no-nonsense approach to using your modified device. As Jay Freeman, Cydia developer, put it, “I will also again take this moment to point out to anyone concerned that the probability of this coming from a default [Cydia] repository is fairly low. I don't recommend people go adding random URLs to Cydia and downloading random software from untrusted people any more than I recommend opening the .exe files you receive by e-mail on your desktop computer.”
Words to live by in this day and age.
source: Ars Technica
1. BCMWorld (Posts: 22; Member since: 24 Mar 2014)
Why are u itards trying to get more productivity by jailbroken? Switch to the more open n productive OS- Android and save your arses
5. mrblah (Posts: 445; Member since: 22 Jan 2013)
I did switch, in fact i do every two years or so, point is Android isn't ready for prime-time still, glitch junk pros can't use.
8. Finalflash (Posts: 1761; Member since: 23 Jul 2013)
Right but then why use a glitch junk OS with less functionality like iOS? It's like saying "if I'm going to shaft myself, I wanna make sure it hurts".
2. thealphageek1 (banned) (Posts: 942; Member since: 02 Feb 2013)
Wow. This is bad. Lots of people that use iPhones get them jail broken to enable more features being that iPhones don't have too many features to begin with. Not taking a shot against the iPhone, just stating a fact.
There are one of two options here that iOS fans can do:
Either don't jailbreak your iPhone(thats rather obvious).
Buy the most secure device in mobile(read: a BlackBerry).
11. express77 (unregistered)
Where is he by the way? Was he hired or fired?
12. Finalflash (Posts: 1761; Member since: 23 Jul 2013)
Well months of us commenters telling him he was full of it didn't phase him until one of the authors here (Michael I think it was) wrote an article about how he was full of it. Then he disappeared and only rarely pokes his head out. iOS and Apple talking point fans lost a hero that day.
3. hassoups (Posts: 340; Member since: 06 Jun 2013)
The thing is that once you jailbreak or root, you're always under threat.
4. jroc74 (Posts: 4766; Member since: 30 Dec 2010)
What?? Malware on iOS? Impossible!!!! Hogwash!!!
Just like with Android tho....side loading is nice at times. I guess the key word is untrusted people.
The developer for TelsaLED...you can get the apps from their website or the Play Store. I guess if it isnt a forum like XDA or whatever forum Apple devs hang out in..be careful.
7. mrblah (Posts: 445; Member since: 22 Jan 2013)
i checked with iFile, i'm clean! I can't image what sketchy software you would have to install that this would be attached to it.
10. Sauce (unregistered)
find /System /Library /usr /private/var -type f -print0 2>/dev/null | sudo xargs -0r grep -EHi "P5KFURM8M8|Unflod"