Beware of unflod virus on jailbroken devices!!!


Users on a jailbreak subreddit have discovered a new kind of malicious software on iPhones. The malware, which comes as a library called Unflod.dylib, was uncovered after a Reddit user complained of crashes in Google Hangout and Snapchat.
The threat, which has been nicknamed “unflod baby panda,” is rumored to be of Chinese origin. There are several factors that support this theory. According to German mobile security firm SektionEins, the infection is digitally signed with an iPhone developer certificate under the name Wang Xin. Also, the malware, which steals users' Apple IDs and passwords, sends the information in plain text to 23.88.10.4, which, judging by the error message it displays, appears to be a Chinese website. However, these could all be fake. SektionEins even raised the possibility of certificate theft. So for now, no one knows where the malware came from or how it got onto iOS devices.

The malware only affects jailbroken iPhones. It hooks into all the running processes of affected devices and listens to outgoing SSL connections. The infection also comes as Unflod.plist and framework.dylib.
“Currently the jailbreak community believes that deleting the Unflod.dylib/framework.dylib binary and changing the Apple ID password afterwards is enough to recover from this attack. However, it is still unknown how the dynamic library ends up on the device in the first place and therefore it is also unknown if it comes with additional malware gifts,” SektionEins said.
“I therefore believe that the only safe way of removal is a full restore, which means the removal and loss of the jailbreak.”
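
The file names and the drop address mentioned above can be checked for with a short script. This is an added example, not code from SektionEins or the original post; the function names are hypothetical, and it assumes `find` and `grep` are available and that the directory given is the device filesystem or a copy of it.

```shell
#!/bin/sh
# Added example: look for the Unflod indicators named in this post.
# Assumption: $1 is the root of the device filesystem (or a copy of it).

# File names from the post; matched case-insensitively.
# framework.dylib is a generic name, so review any hit on it by hand.
UNFLOD_NAMES="unflod.dylib unflod.plist framework.dylib"
# Address the post says stolen credentials are sent to.
UNFLOD_IP="23.88.10.4"

# Print every file under $1 whose name matches one of the indicators.
scan_names() {
    for name in $UNFLOD_NAMES; do
        find "$1" -type f -iname "$name" 2>/dev/null || true
    done
}

# Print every file under $1 that contains the address as a literal string
# (-a reads binaries as text, -F disables regex so dots match only dots).
scan_ip() {
    grep -rlaF -e "$UNFLOD_IP" "$1" 2>/dev/null || true
}

# Print the de-duplicated list of hits; return 1 if anything was found.
scan_unflod() {
    hits=$( { scan_names "$1"; scan_ip "$1"; } | sort -u )
    if [ -n "$hits" ]; then
        printf '%s\n' "$hits"
        return 1
    fi
    return 0
}

# Run as a script: sh scan.sh /path/to/root
if [ "$#" -gt 0 ]; then
    scan_unflod "$1"
fi
```

A clean result only means these specific indicators are absent; as the quote above notes, how the library gets onto the device is unknown.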

About dlosada85

