While most reports detail Android malware from malicious parties looking to exploit Android’s popularity in order to steal personal data and money from users, iOS isn’t completely safe from malware either. A Reddit user has discovered an application running in the background on an iOS device that turned out to be malware hunting for Apple IDs. However, there’s a big catch that allows the app to work: the attacked iOS devices have to be jailbroken first. Moreover, after the jailbreak the user has to install certain apps from untrusted sources to end up with this new piece of software.
“I’ve been having crashes in Snapchat and Google Hangouts starting within the last week or so,” Reddit user tdvx wrote. “After uninstalling and reinstalling the last 30 tweaks I installed, nothing. So I opened up iCleaner and disabled every Mobile Substrate tweak, then re-enabled them in groups until I found the culprit. I can’t figure out what it does and Google returns nothing. I’m keeping it disabled for now, but I’m just curious.”
The malicious app is called “Unflod Baby Panda,” which spread through Chinese iOS software sites, The Register reports. German security firm SektionEins says that the application listens in to SSL traffic, looking for Apple ID credentials. The firm believes that the app can also install other files on affected devices, which are yet to be discovered, but says that the malware can be manually cleared.
“Currently the jailbreak community believes that deleting the Unfold.dylib binary and changing the Apple ID’s password afterwards is enough to recover from this attack,” the firm said. “However, it is still unknown how the dynamic library ends up on the device in the first place, and therefore it is also unknown if it comes with additional malware gifts.”
“We therefore believe that the only safe way of removal is a full restore, which means the removal and loss of the jailbreak.”