"Unflod" comes from the name of the file, but it's not clear where the name "Baby Panda" comes from.
"This malware appears to have Chinese origin and comes as a library called Unflod.dylib that hooks into all running processes of jailbroken iDevices and listens to outgoing SSL connections," SektionEins researchers write. "From these connections it tries to steal the device's Apple ID and corresponding password and sends them in plain text to servers with IP addresses in control of U.S. hosting companies for apparently Chinese customers."
The malware targets jailbroken devices only. The name Unflod may be an attempt to make it look innocuous by resembling a legitimate Cydia jailbreak tweak called Unfold.
At this point, SektionEins reports, deleting the malicious binary (seen as Unflod.dylib or framework.dylib) and changing the Apple ID password may be enough to recover from an infection, but the only way to be certain is a full restore of the iDevice, which also removes the jailbreak.
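As an added illustration of the cleanup step described above (this is example code, not from SektionEins, Sophos or the original article), the shell script below reports whether either of the two file names the report gives is present in a Cydia Substrate tweak directory. The default directory, /Library/MobileSubstrate/DynamicLibraries, is an assumption: it is where Cydia Substrate loads tweak dylibs on a jailbroken device, but the article itself gives no path. The script only reports; deleting the files is left to the reader, and, as the article notes, the Apple ID password still has to be changed and only a full restore gives certainty.

```shell
#!/bin/sh
# Added example, not from the article or the researchers it quotes.
# Looks for the file names the SektionEins report gives (Unflod.dylib,
# framework.dylib) in a tweak directory. The default path below is assumed:
# it is where Cydia Substrate loads tweak dylibs; the article names no path.
DEFAULT_DIR="/Library/MobileSubstrate/DynamicLibraries"

# find_unflod DIR
# Prints each matching path. Returns 0 if at least one was found and 1 if
# the directory is clean, so it reads naturally in an `if`.
find_unflod() {
    _dir="$1"
    _hit=1
    for _name in Unflod.dylib framework.dylib; do
        if [ -f "$_dir/$_name" ]; then
            printf 'suspicious: %s\n' "$_dir/$_name"
            _hit=0
        fi
    done
    return $_hit
}

# selfcheck
# Exercises find_unflod off-device on a constructed temporary directory:
# an empty directory must be reported clean, one seeded with an empty file
# named Unflod.dylib (constructed sample, not real malware) must not.
# Prints "ok" or "fail".
selfcheck() {
    _tmp=$(mktemp -d)
    _result=fail
    if ! find_unflod "$_tmp" >/dev/null; then
        : >"$_tmp/Unflod.dylib"
        if find_unflod "$_tmp" >/dev/null; then
            _result=ok
        fi
    fi
    rm -rf "$_tmp"
    echo "$_result"
}

# Usage: sh check_unflod.sh [DIR]
# With no argument the assumed default directory is checked. On a device that
# is not jailbroken the directory simply does not exist, which is reported.
main() {
    _dir="${1:-$DEFAULT_DIR}"
    if [ ! -d "$_dir" ]; then
        echo "no tweak directory at $_dir (not jailbroken, or a different path)"
        return 0
    fi
    if find_unflod "$_dir"; then
        echo "remove the files above and change the Apple ID password;"
        echo "only a full restore (removing the jailbreak) is a sure fix"
    else
        echo "clean: none of the reported file names present in $_dir"
    fi
}

main "$@"
```

The check matches on file names only, which is all the article supplies; a renamed copy of the same library would not be caught, which is one more reason the report recommends a full restore over manual cleanup.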
"If you haven't jailbroken your iOS device, you don't need to worry," notes Sophos' Paul Ducklin.