Malware Targeting Jailbroken Apple iOS Devices

Attempts to steal data and credentials are becoming more frequent. In the latest case, the Reddit jailbreak community has reported that a malicious infection dubbed "Unflod Baby Panda" is affecting many jailbroken Apple iOS devices.

On Thursday, the community noticed unusual activity on iOS devices that caused some apps, such as Snapchat and Google Hangouts, to crash continuously on jailbroken Apple devices.

After investigating the issue, jailbreak developers reported that a file named 'Unflod.dylib' was found to be malicious. It targets jailbroken Apple iOS devices to capture Apple IDs and passwords from Internet sessions that use Secure Socket Layer (SSL) to encrypt communications, and it is believed to be spreading through Chinese iOS software sites, according to researchers at German security firm SektionEins.

They write:
"Currently the jailbreak community believes that deleting the Unflod.dylib binary and changing the apple-id's password afterwards is enough to recover from this attack. However it is still unknown how the dynamic library ends up on the device in the first place and therefore it is also unknown if it comes with additional malware gifts," the researchers wrote while inspecting the infection. "We therefore believe that the only safe way of removal is a full restore, which means the removal and loss of the jailbreak,"

The researchers also mention that the stolen IDs and passwords are sent to a server whose IP (Internet Protocol) address was noted as "23.88.10.4". It is suspected that the server is owned by an individual from China, and the malware is digitally signed with a developer certificate under the name Wang Xin.

Several developers from the jailbreak community have warned users not to touch the infectious file 'Unflod.dylib', while the researchers noted that manual removal of the malware infection is possible.

How To Remove it Manually
  • Download the iFile app for free from Cydia and use it to check whether your device is affected by the malicious software.
  • Navigate to /Library/MobileSubstrate/DynamicLibraries/
  • If you spot any files named Unflod.dylib or Unflod.plist and/or framework.dylib and framework.plist then you have been affected.
  • Use iFile to delete Unflod.dylib and Unflod.plist and/or framework.dylib and framework.plist
  • Reboot your device, then change your Apple ID password and security questions immediately. To be on the safe side, use two-step verification and avoid installing apps from untrusted sources.
You can also get the detailed information on removing it manually here.
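
The check in the steps above can also be scripted for a device reached over SSH or for a mounted filesystem image. The following is an added example, not code from the article or from SektionEins: the function name `scan_substrate` is hypothetical, and the second test (searching each library for the reported server address as a plain string, to catch renamed copies) is an assumption, since the article does not say how the address is stored in the binary.

```shell
#!/bin/sh
# Added example: indicator names and the server address come from the article.
IOC_NAMES="Unflod.dylib Unflod.plist framework.dylib framework.plist"
IOC_ADDR="23.88.10.4"
SUBSTRATE_DIR="Library/MobileSubstrate/DynamicLibraries"

# scan_substrate ROOT
#   ROOT is "/" on the device itself, or the mount point of an image.
#   Prints "name-match <path>" or "addr-match <path>" for each finding.
#   Returns 0 if nothing was found, 1 on any finding, 2 if the
#   MobileSubstrate directory does not exist under ROOT.
scan_substrate() {
    root=${1:-/}
    dir="${root%/}/$SUBSTRATE_DIR"
    if [ ! -d "$dir" ]; then
        echo "no-substrate-dir $dir"
        return 2
    fi
    found=0
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        base=${f##*/}
        lower=$(printf '%s' "$base" | tr 'A-Z' 'a-z')
        # 1) File-name indicators, compared case-insensitively.
        for ioc in $IOC_NAMES; do
            if [ "$lower" = "$(printf '%s' "$ioc" | tr 'A-Z' 'a-z')" ]; then
                echo "name-match $f"
                found=1
            fi
        done
        # 2) Assumption: the address may be embedded as a plain string.
        #    -a treats the binary as text, -F matches the dots literally.
        case $lower in
            *.dylib)
                if grep -aqF -- "$IOC_ADDR" "$f"; then
                    echo "addr-match $f"
                    found=1
                fi
                ;;
        esac
    done
    return $found
}
```

Source the file and run `scan_substrate /` on the device, or pass the mount point of an image. A clean result only means these specific indicators are absent; it does not rule out other components.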

Who Is Affected
Developers have reported that users of the iPhone 5 and 32-bit jailbroken devices are affected. However, owners of the latest 64-bit iOS devices such as the iPhone 5S, iPad Air and iPad Mini Retina might not be affected by the malware. Users are advised to change their Apple ID password after removing the malicious software.

This is not the first time attackers have targeted Apple IDs and passwords. Earlier, hackers compromised one of EA's servers and added a phishing page to steal Apple IDs and passwords.
