A new malware campaign discovered by Reddit users is targeting users of jailbroken iOS devices. It’s been called “Unflod Baby Panda” and hooks into the running processes of jailbroken devices and tries to steal Apple IDs and their passwords.
The malware appears to have been from China, and runs from a library called Unflod.dylib. It’s attempting to listen to outgoing SSL connections, trying to decipher them as steal a device’s Apple ID and password. Once it has managed to get that information it’ll send it in plaintext to servers with IP addresses linked to U.S. hosting companies that appear to be for Chinese customers.
If you’re running a jailbroken iOS device and are worried about this malware, navigate to /Library/MobileSubstrate/DynamicLibraries/ and check for a “Unflod.dylib” file. If such a file exists, use a tool like iFile or iShredder. Once you’ve done that you should be safe (although a full restore might be preferable), and then you can go ahead and change your Apple ID password. If you can, it’d also be wise to enable two-step verification, which makes it much harder for hackers to gain access to your account.
