Unknown Malware Steals Apple ID Credentials from Jailbroken iOS Devices

Are you an Apple device user? Does your device run a 32-bit version of iOS? Then you have reason to worry: a recent report from Apple sources reveals that a new, active malware named Unflod has been detected attacking jailbroken Apple devices that run 32-bit versions of iOS. The issue was first noticed by users who complained that the malware was stealing their Apple ID credentials.

However, the good news is that the bug targets only 32-bit iOS devices, so users of the iPhone 5s, iPad mini 2G and iPad Air need not worry, since those devices run 64-bit iOS. Confirming this, Stefan Esser, a security researcher for Ars Technica, said, “There is no ARM 64-bit version of the code in the copy of the library we got […] This means the malware should never be successful on [the] iPhone 5S/iPad Air or iPad mini 2G.”

The malware came to light only after a few users complained in a couple of Reddit threads (1, 2) that some jailbreak customizations crashed constantly after installation. Following the complaints, Esser carried out a static analysis of the binary code found on the affected devices and confirmed that the Unflod malware hooks the jailbroken device’s SSLWrite function and scans the data passing through it for the Apple ID and password. Once found, the credentials are sent to attacker-controlled servers.

As a temporary fix, Esser suggests that users restore their devices to factory settings and change the Apple ID user IDs and passwords of their Apple devices. Whether users accept this advice is up to them, since most would rather not give up their jailbreaks and the tweaks they have installed.

Another Reddit user recommends deleting the Unflod.dylib file by connecting to the device over SSH or a terminal and navigating to /Library/MobileSubstrate/DynamicLibraries. Esser does not describe this procedure as completely secure, however: since the malware’s source has not yet been identified, he suspects the file could be recreated after some time.
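As an added example, not part of this article or of Esser’s analysis, the following POSIX shell script checks a MobileSubstrate DynamicLibraries directory for dylibs that reference SSLWrite, the function Unflod hooks. The directory to scan is a parameter (an assumption, defaulting to the path named above) so the check can also run against a copy pulled off a device; a hit only marks a library for manual review, since a legitimate tweak could reference the same symbol.

```shell
#!/bin/sh
# Added example (not from the article): flag MobileSubstrate dylibs that
# reference SSLWrite, the function Unflod hooks to read Apple ID credentials
# in transit. Assumption: the directory to scan is passed in, defaulting to
# the path named in the article, so it also works on a copy taken off a device.

DEFAULT_DIR=/Library/MobileSubstrate/DynamicLibraries

# scan_dylibs DIR: print each .dylib under DIR that contains the string
# "SSLWrite". Returns 0 if at least one file was flagged, 1 otherwise.
# A hit is a candidate for review, not proof: a legitimate tweak may also
# reference the symbol. The indicator named in the article is Unflod.dylib.
scan_dylibs() {
    dir=$1
    status=1
    for f in "$dir"/*.dylib; do
        [ -f "$f" ] || continue
        # grep -q exits 0 on the first match, even inside a binary file
        if grep -q 'SSLWrite' "$f"; then
            echo "$f"
            status=0
        fi
    done
    return "$status"
}

# make_sample_dir: build a constructed sample directory (no real malware)
# with one harmless tweak and one text stand-in that mimics the reference.
make_sample_dir() {
    d=$(mktemp -d)
    printf 'harmless tweak: hooks SpringBoard only\n' > "$d/harmless.dylib"
    printf 'constructed stand-in: hooks SSLWrite\n' > "$d/Unflod.dylib"
    echo "$d"
}

# Stand-alone run: scan the constructed sample, then the device path if present.
sample=$(make_sample_dir)
echo "Flagged in sample:"
scan_dylibs "$sample"
rm -rf "$sample"
if [ -d "$DEFAULT_DIR" ]; then
    echo "Flagged on device:"
    scan_dylibs "$DEFAULT_DIR"
fi
```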

So, 32-bit users: keep your data and device safe by following the methods above. If you have already run into this issue, you are welcome to share your experience here.
