Apple ID credentials at risk on jailbroken iPhones to newly discovered malware campaign

For those who know what they are doing, the chances of this being a problem are relatively low. However, it is getting easier and easier to manipulate technology, and that means those who know “just enough” to get into trouble are going to find it.

The issue here is akin to malware reports about Android. With a jailbroken iPhone, you can load applications from any source and be on your way. However (and you can see where this is going), for those that know just enough, there is an active malware campaign underway that steals Apple ID data from jailbroken iOS devices.

The malware is being called “unflod,” after the name of the file and where it resides on infected devices. Word about this problem started to come to light last week, when people began reporting that their jailbroken iOS devices were experiencing ongoing crashes.

By now, you should be able to glean that these people were installing apps from sources outside of iTunes or even Cydia, the alternative market for jailbroken devices. A security researcher determined that “unflod” hooks into the SSLWrite function of the Security framework and then scans the data passing through it for the user’s Apple ID and password. Once those items are found, the data is sent to servers under the control of whoever created the malware.

If you have a jailbroken iOS device and you download a lot of apps outside of Cydia, open SSH/Terminal and search the folder /Library/MobileSubstrate/DynamicLibraries for a file named “Unflod.dylib”. Fixing the problem might be as easy as deleting the dynamic library, but it is not known how the file is installed, so no one knows for sure.

If you do manage to fix that problem, one way to avoid it happening again is to first change your Apple ID password and then restore your iOS device to a factory build of the OS (we know, that may be a tall order for some).
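The check described above, as an added example that is not part of the article: a small POSIX shell script that inventories the MobileSubstrate tweak directory over SSH, flags the “Unflod.dylib” file name the article gives and the “P5KFURM8M8” string a commenter below greps for, and returns non-zero when either indicator is present. The script name and the directory argument are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the article): scan the MobileSubstrate tweak
# directory on a jailbroken device for the Unflod indicators.
# Usage over SSH as root:
#   sh unflod_check.sh /Library/MobileSubstrate/DynamicLibraries

DYLIB_DIR_DEFAULT=/Library/MobileSubstrate/DynamicLibraries
# File name named in the article and the string a commenter greps for.
UNFLOD_NAME="Unflod.dylib"
UNFLOD_STRING="P5KFURM8M8"

# scan_dynlibs DIR: list every dylib in DIR, mark suspicious ones, and
# return 1 if any indicator matched, 0 if the directory looks clean.
scan_dynlibs() {
    dir=${1:-$DYLIB_DIR_DEFAULT}
    hits=0
    [ -d "$dir" ] || { echo "no such directory: $dir"; return 0; }
    for f in "$dir"/*.dylib; do
        [ -e "$f" ] || continue   # glob matched nothing: empty directory
        name=${f##*/}
        flag=""
        # 1. known file name (the article spells it both "unflod" and "Unflod")
        case "$name" in
            [Uu]nflod.dylib) flag="name matches $UNFLOD_NAME" ;;
        esac
        # 2. indicator string embedded in the library itself
        if grep -q "$UNFLOD_STRING" "$f" 2>/dev/null; then
            flag="${flag:+$flag; }contains $UNFLOD_STRING"
        fi
        if [ -n "$flag" ]; then
            echo "SUSPICIOUS $f ($flag)"
            hits=$((hits + 1))
        else
            echo "ok         $f"
        fi
    done
    [ "$hits" -eq 0 ]
}

# Only scan when a directory argument is given; otherwise the script just
# defines scan_dynlibs so it can be sourced from another shell script.
if [ $# -gt 0 ]; then
    scan_dynlibs "$1"
fi
```

A non-zero exit means at least one indicator matched; a tweak from an unknown repository that is not named Unflod is still listed, so review the "ok" lines too.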

Either way, it boils down to a no-nonsense approach to using your modified device. As Jay Freeman, Cydia developer, put it, “I will also again take this moment to point out to anyone concerned that the probability of this coming from a default [Cydia] repository is fairly low. I don't recommend people go adding random URLs to Cydia and downloading random software from untrusted people any more than I recommend opening the .exe files you receive by e-mail on your desktop computer.”

Words to live by in this day and age.

source: Ars Technica


12 Comments

1. BCMWorld

Posts: 55; Member since: Mar 24, 2014

Why are you itards trying to get more productivity by jailbreaking? Switch to the more open and productive OS, Android, and save your arses.

5. mrblah

Posts: 577; Member since: Jan 22, 2013

I did switch, in fact I do every two years or so; point is Android isn't ready for prime-time still, glitch junk pros can't use.

8. Finalflash

Posts: 4063; Member since: Jul 23, 2013

Right but then why use a glitch junk OS with less functionality like iOS? It's like saying "if I'm going to shaft myself, I wanna make sure it hurts".

2. thealphageek1

Posts: 942; Member since: Feb 02, 2013

Wow. This is bad. Lots of people that use iPhones get them jailbroken to enable more features, being that iPhones don't have too many features to begin with. Not taking a shot against the iPhone, just stating a fact. There are one of two options here that iOS fans can do: either don't jailbreak your iPhone (that's rather obvious), or buy the most secure device in mobile (read: a BlackBerry).

6. mrblah

Posts: 577; Member since: Jan 22, 2013

The 64 bits aren't at risk.

9. Finalflash

Posts: 4063; Member since: Jul 23, 2013

LOL looks like we have another Jakelee

11. express77 unregistered

Where is he by the way? Was he hired or fired?

12. Finalflash

Posts: 4063; Member since: Jul 23, 2013

Well, months of us commenters telling him he was full of it didn't faze him until one of the authors here (Michael, I think it was) wrote an article about how he was full of it. Then he disappeared and only rarely pokes his head out. iOS and Apple talking-point fans lost a hero that day.

3. hassoups

Posts: 473; Member since: Jun 06, 2013

The thing is that once you jailbreak or root, you're always under threat.

4. jroc74

Posts: 6023; Member since: Dec 30, 2010

What?? Malware on iOS? Impossible!!!! Hogwash!!! Just like with Android though... side loading is nice at times. I guess the key word is untrusted people. The developer for TelsaLED... you can get the apps from their website or the Play Store. I guess if it isn't a forum like XDA or whatever forum Apple devs hang out in... be careful.

7. mrblah

Posts: 577; Member since: Jan 22, 2013

I checked with iFile, I'm clean! I can't imagine what sketchy software you would have to install that this would be attached to.

10. Sauce unregistered

find /System /Library /usr /private/var -type f -print0 2>/dev/null | sudo xargs -0r grep -EHi "P5KFURM8M8|Unflod"
