New malware targets jailbroken iOS devices
New malware has been discovered that specifically targets jailbroken iPhone smartphones and iPad tablets to steal Apple account credentials. The threat came to light after it apparently caused unexplained crashes in some applications, which led to the discovery of the malware, identified as "Unflod" after the filename of its library.
As reported on PC World, "It appears that someone created a dynamic library for Cydia Substrate that hooks the legitimate iOS SSLWrite function to read data before it's encrypted and sent over a secure SSL connection. The rogue library is called Unflod.dylib, but instances with the name framework.dylib have also been observed."
In essence, Unflod selectively intercepts sensitive data just before it is encrypted. The stolen data is sent to hardcoded IP addresses, which suggests that the hacker behind it is either new to cybercrime or has only ever intended to target a relatively small number of victims. Since it is still not known how the dynamic library ends up on the device in the first place, the prudent course of action for anyone who finds it is to perform a full restore.
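The traits described above (a Substrate library named Unflod.dylib or framework.dylib, a reference to SSLWrite, and hardcoded IP addresses) can be turned into a simple triage check. The script below is an added example, not code from the article or from any security vendor; it assumes Cydia Substrate loads tweaks from /Library/MobileSubstrate/DynamicLibraries and uses plain byte scanning rather than a Mach-O parser, so a hit is a lead for manual review, not proof of infection.

```python
import os
import re
import tempfile

# Heuristic triage of Substrate tweaks for the Unflod traits named in the article.
# Tweak directory Cydia Substrate loads from (assumed path, not stated in the article).
SUBSTRATE_DIR = "/Library/MobileSubstrate/DynamicLibraries"
KNOWN_NAMES = {"unflod.dylib", "framework.dylib"}  # file names cited in the article
IPV4_RE = re.compile(rb"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b")


def inspect_dylib(path):
    """Return a dict of indicators found in one library file."""
    with open(path, "rb") as fh:
        data = fh.read()
    name = os.path.basename(path)
    ips = sorted({m.decode() for m in IPV4_RE.findall(data)})
    hits = {
        "known_name": name.lower() in KNOWN_NAMES,
        "hooks_sslwrite": b"SSLWrite" in data,
        "hardcoded_ips": ips,
    }
    # A library that both references SSLWrite and embeds an IP literal matches
    # Unflod's pattern of leaking pre-encryption data to a fixed address.
    hits["suspicious"] = hits["known_name"] or (hits["hooks_sslwrite"] and bool(ips))
    return hits


def scan_directory(directory=SUBSTRATE_DIR):
    """Inspect every .dylib in the directory; returns {filename: indicators}."""
    report = {}
    if not os.path.isdir(directory):
        return report
    for entry in sorted(os.listdir(directory)):
        if entry.lower().endswith(".dylib"):
            report[entry] = inspect_dylib(os.path.join(directory, entry))
    return report


def demo():
    """Constructed sample files standing in for a tweak directory (no real malware)."""
    tmp = tempfile.mkdtemp()
    with open(os.path.join(tmp, "framework.dylib"), "wb") as f:
        f.write(b"\xcf\xfa\xed\xfe _SSLWrite 203.0.113.10 \x00")  # TEST-NET-3 address
    with open(os.path.join(tmp, "benign.dylib"), "wb") as f:
        f.write(b"\xcf\xfa\xed\xfe _UIKit_tweak 1.2.3 \x00")
    return scan_directory(tmp)
```

Run `scan_directory()` on a jailbroken device to check the real tweak directory; `demo()` exercises the same logic on constructed files so it can be tried anywhere.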
The Fierce Take: While the malware does not appear to be widespread at the moment, it perfectly highlights the danger of allowing unsigned software to run. In the case of iOS, this entails deliberately compromising (jailbreaking) the operating system to make running unsigned software possible.