iOS is often described as the most secure mobile platform, but jailbreaking a device gives up part of that protection. A new piece of malware called “Unflod Baby Panda” has been found on some jailbroken iOS devices; it attempts to send the user’s Apple ID and password to China-based servers.
The malware was first noticed by a jailbreak user on Reddit. After another user, “minilover11”, investigated it, it turned out to be genuine malware. He described:
After using both Hopper and IDA (although I am by no means very good at reading assembly or intermediate code), Unflod.dylib seems to override the function “SSLWrite” and captures appleId and password and their data from the raw plist data in SSL connections to Apple’s authentication server (/WebObjects/MZFinance.woa/wa/authenticate) and sends them to 23.88.10.4 (a Chinese site it seems, from the error message it displays, not bashing China or anything, just based off the text the website returns).
German security firm SektionEins quickly investigated the issue and reported more details about the malware on its blog:
This malware appears to have Chinese origin and comes as a library called Unflod.dylib that hooks into all running processes of jailbroken iDevices and listens to outgoing SSL connections. From these connections it tries to steal the device’s Apple-ID and corresponding password and sends them in plaintext to servers with IP addresses in control of US hosting companies for apparently Chinese customers.
It’s unclear how the malware ended up on jailbroken devices, but it most likely arrived through packages installed from pirate repos.
To find out whether your device is infected, open iFile, navigate to /Library/MobileSubstrate/DynamicLibraries/ and look for a file named Unflod.dylib. If it is there, your device is infected. Deleting Unflod.dylib removes the library, but because it hooks into every running process and has already seen any credentials sent while it was installed, treat the Apple ID as compromised: restore the device, change your Apple ID password and enable two-step verification.
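The same check, scripted for a shell session on the device (for example over SSH) or against a mounted copy of its filesystem. This is an added example, not code from the article or from SektionEins: it looks for the two indicators the article names, the Unflod.dylib file under /Library/MobileSubstrate/DynamicLibraries/ and the 23.88.10.4 address the stolen credentials were sent to, the latter in any per-connection log you supply. The demo directory tree and log lines at the bottom are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the article): scan for the Unflod.dylib indicators.
# ROOT is the filesystem root to inspect (default /), so a backup or mounted
# copy of the device filesystem can be checked the same way as a live device.

UNFLOD_REL="Library/MobileSubstrate/DynamicLibraries/Unflod.dylib"
UNFLOD_C2="23.88.10.4"   # destination named in the article for the stolen credentials

# unflod_file_present ROOT -> exit status 0 if the library exists under ROOT
unflod_file_present() {
    root="${1:-/}"
    [ -f "${root%/}/$UNFLOD_REL" ]
}

# unflod_c2_in_log LOGFILE -> exit status 0 if any line mentions the C2 address.
# LOGFILE is whatever connection or firewall log you have, one line per connection.
unflod_c2_in_log() {
    [ -r "$1" ] && grep -q -F "$UNFLOD_C2" "$1"
}

# unflod_scan ROOT [LOGFILE] -> prints a verdict; exit status 0 if any indicator hit
unflod_scan() {
    root="${1:-/}"
    log="$2"
    hit=1
    if unflod_file_present "$root"; then
        echo "INFECTED: found ${root%/}/$UNFLOD_REL"
        hit=0
    fi
    if [ -n "$log" ] && unflod_c2_in_log "$log"; then
        echo "SUSPICIOUS: connection to $UNFLOD_C2 seen in $log"
        hit=0
    fi
    [ "$hit" -eq 0 ] || echo "CLEAN: no Unflod indicators found under ${root%/}"
    return "$hit"
}

# --- demo on a constructed directory tree, not a real device ---
demo_root=$(mktemp -d)
mkdir -p "$demo_root/Library/MobileSubstrate/DynamicLibraries"
: > "$demo_root/Library/MobileSubstrate/DynamicLibraries/Unflod.dylib"   # empty stand-in file
# constructed connection log: one benign line (documentation address), one to the C2 address
printf 'tcp 10.0.0.5:51022 -> 203.0.113.7:443\ntcp 10.0.0.5:51023 -> 23.88.10.4:80\n' \
    > "$demo_root/conn.log"
unflod_scan "$demo_root" "$demo_root/conn.log"
rm -rf "$demo_root"
```

Run it as root on the device with no arguments to check the live filesystem; pass a log file as the second argument if you keep one. A hit on the file check is definitive, since the article gives that path as the installed location; the address check only flags a connection and is included so that a device whose library was already deleted still shows the earlier traffic.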
At the end of the day, this is the lesson some jailbreak users learn the hard way from installing unauthorized repos in Cydia.
Source: Reddit