New Malware Targets Jailbroken iPhones, iPads

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Reddit users recently began discussing a new form of malware targeting jailbroken iOS devices, which the German security consultancy SektionEins is calling "Unflod Baby Panda" (h/t Sophos).

"Unflod" comes from the name of the file, but it's not clear where the name "Baby Panda" comes from.

"This malware appears to have Chinese origin and comes as a library called Unflod.dylib that hooks into all running processes of jailbroken iDevices and listens to outgoing SSL connections," SektionEins researchers write. "From these connections it tries to steal the device's Apple ID and corresponding password and sends them in plain text to servers with IP addresses in control of U.S. hosting companies for apparently Chinese customers."

The device targets jailbroken devices -- the name Unflod may be an attempt to make the malware seem innocuous by looking like an actual Cydia jailbreak tweak called Unfold.

At this point, SektionEins reports, deleting the Unflod.dylib/framework.dylib binary and changing your password might be enough to recover from infection -- but the only way to be truly safe is to do a full restore of your iDevice, removing the jailbreak.

"If you haven't jailbroken your iOS device, you don't need to worry," notes Sophos' Paul Ducklin.

Submit a Comment

Loading Comments...