Certain iPhone and iPad models that are jailbroken are actively at risk of malware that “listens” to outgoing SSL connections and attempts to pilfer the user’s Apple ID and password. The information was detailed by researchers after being discovered by a Reddit user, who asked for advice about it on Reddit’s Jailbreak board.
It seems the malware originated from China, but how it is getting on jailbroken iPhones and iPads isn’t yet known. Those infected will find it as a dynamic library called Unflod (unflod.dylib) inside the DynamicLibraries path. When found elsewhere, this malware is called framework.dylib instead.
The malware is digitally signed with an iPhone developer certificate, the researchers discovered, which is registered to someone called Wang Xin; whether that is a fake name or the unwitting victim of a stolen certificate isn’t known. The threat is believed to be fairly new, since the signature is dated February of this year.
At the moment, users are deleting the dynamic library and changing their Apple ID/password combo to address the threat, but are at risk of reinfection. A full restore is recommended until more information about the malware (and how it infects devices) is revealed.
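The two library names reported above, and the "delete the dylib" cleanup step, translate into a simple triage check. The following is an added example, not code from the article or the researchers: it scans a DynamicLibraries folder for the reported filenames, confirms whether each hit is a real Mach-O image, and records its SHA-256 so evidence is preserved before removal. The default directory `/Library/MobileSubstrate/DynamicLibraries` is an assumption (the article only says "the DynamicLibraries path"), and the sample folder is constructed inline.

```python
import hashlib
import os
import tempfile

# Filenames the article reports for the malicious library (matched case-insensitively).
KNOWN_NAMES = {"unflod.dylib", "framework.dylib"}

# Assumed location; the article only says "the DynamicLibraries path".
DEFAULT_DIR = "/Library/MobileSubstrate/DynamicLibraries"

# Mach-O magic numbers: 32/64-bit in both byte orders, plus fat (universal) binaries.
MACHO_MAGICS = {b"\xfe\xed\xfa\xce", b"\xce\xfa\xed\xfe",
                b"\xfe\xed\xfa\xcf", b"\xcf\xfa\xed\xfe", b"\xca\xfe\xba\xbe"}

def is_macho(path):
    """True if the file starts with a Mach-O or fat-binary magic number."""
    with open(path, "rb") as f:
        return f.read(4) in MACHO_MAGICS

def sha256(path):
    """Hash the file in chunks so large libraries do not have to be read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def scan_dynamic_libraries(directory=DEFAULT_DIR):
    """Return findings for files whose name matches a reported Unflod filename.
    Each finding records whether it is a real Mach-O image and its SHA-256."""
    findings = []
    if not os.path.isdir(directory):
        return findings
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if name.lower() in KNOWN_NAMES and os.path.isfile(path):
            findings.append({"path": path, "macho": is_macho(path), "sha256": sha256(path)})
    return findings

def build_sample_dir():
    """Constructed sample folder: a Mach-O-headed Unflod.dylib, a benign tweak,
    and a decoy named framework.dylib that is not a Mach-O image at all."""
    d = tempfile.mkdtemp()
    with open(os.path.join(d, "Unflod.dylib"), "wb") as f:
        f.write(b"\xcf\xfa\xed\xfe" + b"\x00" * 28)
    with open(os.path.join(d, "BenignTweak.dylib"), "wb") as f:
        f.write(b"\xcf\xfa\xed\xfe" + b"\x00" * 28)
    with open(os.path.join(d, "framework.dylib"), "wb") as f:
        f.write(b"not a mach-o")
    return d

if __name__ == "__main__":
    for hit in scan_dynamic_libraries(build_sample_dir()):
        print(hit)
```

A hit on `framework.dylib` is only a lead, since that name is generic; the article recommends a full restore regardless because the infection vector is unknown.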
VIA: Ars Technica