Malware Focuses on iOS

Wednesday, April 23, 2014 @ 09:04 AM gHale

There is a malware infection targeting iOS users.

The r/jailbreak community on Reddit found the infection while assisting a user who had been noticing unusual activity on his jailbroken iPhone.

Known as ‘Unflod Baby Panda,’ the infection targets jailbroken iOS handsets and appears to be spreading through Chinese iOS software sites. The malware listens in on SSL traffic on the infected handsets and looks to steal Apple ID information, said researchers at German security firm SektionEins.

The researchers believe the stolen credentials are going to servers controlled by individuals in China.

While manual removal of the malware is possible, SektionEins said the malware could be putting additional files on infected handsets which no one has discovered yet.

“Currently the jailbreak community believes that deleting the Unfold.dylib binary and changing the apple-id’s password afterwards is enough to recover from this attack. However, it is still unknown how the dynamic library ends up on the device in the first place and therefore it is also unknown if it comes with additional malware gifts,” the researchers said in a blog post.

“We therefore believe that the only safe way of removal is a full restore, which means the removal and loss of the jailbreak.”

Because the malware requires the victim’s handset to be jailbroken for installation, most iPhone owners are not vulnerable to the infection. The malware was not in any apps offered through the Apple iOS App Store.

Malware on iOS devices has largely been a non-issue, thanks to Apple’s tight control of the App Store approval process, which lets the company spot and disable potential malware threats. Users who jailbreak their handsets, however, do run the risk of infection should they install software from untrusted sources.
