Apple ID credentials on jailbroken iPhones at risk from newly discovered malware campaign
The issue here is akin to the malware reports we keep seeing about Android. With a jailbroken iPhone, you can load applications from any source and be on your way. However (and you can see where this is going), for those who know just enough to jailbreak but not enough to be careful, there is an active malware campaign underway that steals Apple ID credentials from jailbroken iOS devices.
The malware is being called “unflod,” after the name of the file and where it resides on infected devices. Word about this problem started to come to light last week, when people reported that their jailbroken iOS devices were crashing repeatedly.
By now, you should be able to glean that these people were installing apps from sources outside of iTunes or even Cydia, the alternative app store for jailbroken devices. A security researcher determined that “unflod” hooks the SSLWrite function of the Security framework and scans the data passing through it for the user’s Apple ID and password. Because SSLWrite receives data before it is encrypted, hooking it lets the malware read credentials that would otherwise be protected by TLS on the wire. Once those items are found, they are sent to servers under the control of whoever created the malware.
If you have a jailbroken iOS device and you download a lot of apps from outside Cydia, open an SSH session or Terminal and look in the folder /Library/MobileSubstrate/DynamicLibraries for a file named “Unflod.dylib”. Fixing the problem might be as easy as deleting the dynamic library, but since it is not known how the file gets installed, no one knows for sure.
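The check above as a small POSIX shell script, added here as an example; it is not code from the article, from the researcher who analysed unflod, or from the Cydia project. It walks the MobileSubstrate tweak directory, flags the file name the article gives, and goes one step beyond the article by also flagging any other tweak whose binary references SSLWrite, the function unflod hooks. The fixture directory it can build is constructed for demonstration and contains fake files, not real malware; the script name and the KNOWN/SUSPECT labels are my own.

```sh
#!/bin/sh
# Added example (not from the article, the researcher who analysed unflod,
# or the Cydia project). Scans a MobileSubstrate tweak directory on a
# jailbroken iOS device for the unflod library, and for any other tweak
# whose binary references SSLWrite, the Security framework function
# unflod hooks to read Apple ID credentials before they are encrypted.
# Assumes it is run as root over SSH on the device; the directory path
# is the one the article names.

# Poor man's `strings`: map every non-printable byte to a newline so that
# grep can search a Mach-O binary for a symbol name without choking on it.
printable_strings() {
    tr -c '[:print:]' '\n' < "$1"
}

# Prints one line per suspicious library.
# Exit status: 0 = nothing found, 1 = something found, 2 = directory missing.
scan_tweaks() {
    dir="$1"
    found=0
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 2; }
    for lib in "$dir"/*.dylib; do
        [ -f "$lib" ] || continue          # no .dylib files at all
        name=$(basename "$lib")
        # The indicator from the article: the file is literally named Unflod.dylib.
        case "$name" in
            [Uu]nflod.dylib)
                echo "KNOWN: $lib (unflod library name)"
                found=1
                continue ;;
        esac
        # Generalisation beyond the article: a renamed copy, or any other tweak
        # hooking SSLWrite, still has to reference the symbol somewhere.
        if printable_strings "$lib" | grep -q 'SSLWrite'; then
            echo "SUSPECT: $lib references SSLWrite"
            found=1
        fi
    done
    return $found
}

# Constructed fixture for trying the scanner off-device: fake files that
# start with the 64-bit Mach-O magic, not real malware. Prints the path
# of the temporary directory it created.
make_demo_dir() {
    d=$(mktemp -d)
    printf '\317\372\355\376nothing to see\0' > "$d/Harmless.dylib"
    printf '\317\372\355\376_SSLWrite\0' > "$d/Unflod.dylib"
    printf '\317\372\355\376_SSLWrite\0_SSLRead\0' > "$d/Renamed.dylib"
    echo "$d"
}

# On the device: sh scan_tweaks.sh /Library/MobileSubstrate/DynamicLibraries
if [ -n "${1:-}" ]; then
    scan_tweaks "$1"
fi
```

The script only reports; it deliberately does not delete anything, since the article notes that removing the library may not be a complete fix while the install vector is unknown. A non-zero exit status means something was found, so it can be dropped into a cron job or run before restoring a device.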
If you do manage to fix that problem, the way to keep it from happening again is to change your Apple ID password and then restore your iOS device to a factory build of the OS (we know, that may be a tall order for some). Change the password from a device you know is clean; an infected one would simply capture the new password too.
Either way, it boils down to a no-nonsense approach to using your modified device. As Jay Freeman, Cydia developer, put it, “I will also again take this moment to point out to anyone concerned that the probability of this coming from a default [Cydia] repository is fairly low. I don't recommend people go adding random URLs to Cydia and downloading random software from untrusted people any more than I recommend opening the .exe files you receive by e-mail on your desktop computer.”
Words to live by in this day and age.
source: Ars Technica