'Unflod' malware stealing Apple ID credentials from jailbroken iOS devices

'Unflod' malware stealing Apple ID credentials from jailbroken iOS devices
Advertisement

A new active malware, dubbed 'unflod', has been discovered by some users who say that the bug targets certain files in Apple products and steals Apple ID credentials.

The malware is understood to attack only those jailbroken Apple devices that run on 32-bit versions of iOS. This indicates that iPhone 5s, iPad Air and iPad mini 2G would stay unaffected, as they 64-bit versions of iOS. "There is no ARM 64-bit version of the code in the copy of the library we got [...]This means the malware should never be successful on [the] iPhone 5S/iPad Air or iPad mini 2G," mentioned Stefan Esser, a security researcher for Ars Technica.

Unflod was first mentioned in a couple of Reddit threads (1, 2), in which users complained about how their jailbroken devices have been repeatedly crashing after installing some jailbroken customisations.

However, Esser performed a static analysis on the binary codes of the infected devices mentioned by the Reddit users. As per Esser's blog, the Unflod malware clings to the jailbroken devices' SSLWrite function and runs a scan on the links that include the Apple ID and passwords. After the credentials are discovered, they are transmitted to controlled servers.

As a temporary solution to bypass the malware, Esser recommended users to restore their devices to factory settings. Most users however, would not want to give up their jailbreaks and subsequent tweaks in the process. He also recommended users to change their Apple IDs and passwords.

One of the Reddit users also mentioned that users can delete the Unflod.dylib file by entering the devices' SSH/Terminal, and navigating through Folder > Library > MobileSubstrate > DynamicLibraries. However, Esser says the the bug might appear again after some time, as the source of its emergence is not yet known.

Comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

OnePlus One with 3GB RAM, CM11S and Snapdragon 801 launched
DGCA permits use of electronics in flight mode during take-off and landing
Facebook Gadgets360 Twitter Share Tweet Snapchat LinkedIn Reddit Comment google-newsGoogle News

Advertisement

Follow Us
© Copyright Red Pixels Ventures Limited 2024. All rights reserved.
Trending Products »
Latest Tech News »