iPhones are being targeted by a new and mysterious piece of malware that iOS users have discovered. The threat is called “Unflod Baby Panda” and it’s essentially an application that runs in the background on an iOS device, with the main goal of hunting for Apple ID credentials.
The threat was first discovered by a Reddit user who noticed the mysterious add-on roaming around on his jailbroken iPhone. He noted that the tweak had caused crashes in Snapchat and Google Hangouts. One user even claims that the malware came from the same repo that Auxo 2 is stored in. Auxo 2 is safe, but the user says that there might be a jailbreak tweak in that same repository that’s infected with the malware.
One big limitation of the malware add-on is that it only runs on jailbroken iOS devices and can only get onto a device by hiding inside a jailbreak tweak that the user downloads and installs on their iPhone or iPad. That isn’t easy to pull off, but it happens: users download jailbreak tweaks from unknown sources and end up with the malware installed.
Not to worry, though, as Cydia creator Saurik has a thorough guide on how to safely get rid of the Unflod Baby Panda malware add-on.
How to Find Out if You’re Infected
If you’re not sure whether you have the malware on your jailbroken iPhone or iPad, there’s an easy way to check, provided you have iFile or some other file system explorer on your iOS device.
Next, navigate to /Library/MobileSubstrate/DynamicLibraries/ and see if Unflod.dylib and Unflod.plist (or framework.dylib and framework.plist) are in the list of files in that directory. If so, you’re infected and need to remove them. If not, you’re probably in the clear. We say “probably” because Saurik says that the threat could be under different names, but it’s unlikely at this point.
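For users who would rather run the same check from MobileTerminal or over SSH than click through iFile, here is an added example script (not part of the article or Saurik’s guide) that looks for the four file names listed above and then prints every other .dylib in the directory for manual review, since the article notes the threat could be hiding under different names. The directory argument is an assumption added so the script can be run against a copy of the folder for testing.

```shell
#!/bin/sh
# Added example: checks the MobileSubstrate tweak directory named in the
# article for the Unflod Baby Panda indicator files, then lists the other
# tweaks present so a renamed copy can be spotted by eye.

# Directory from the article; first argument overrides it (assumption, for testing).
SUBSTRATE_DIR="${1:-/Library/MobileSubstrate/DynamicLibraries}"

# Indicator file names taken from the article.
INDICATORS="Unflod.dylib Unflod.plist framework.dylib framework.plist"

# Returns 0 when none of the indicator files exist in the given directory,
# 1 when at least one does (and prints each one it finds).
check_unflod_indicators() {
    dir="$1"
    found=0
    for name in $INDICATORS; do
        if [ -e "$dir/$name" ]; then
            echo "INDICATOR FOUND: $dir/$name"
            found=1
        fi
    done
    return $found
}

# Prints every .dylib in the directory that is not a known indicator,
# for manual review; it makes no verdict about them.
list_other_dylibs() {
    dir="$1"
    for f in "$dir"/*.dylib; do
        [ -e "$f" ] || continue          # no .dylib files at all
        case "$(basename "$f")" in
            Unflod.dylib|framework.dylib) ;;   # already reported above
            *) echo "review: $f" ;;
        esac
    done
}

# When run directly on the device, check the real directory.
if check_unflod_indicators "$SUBSTRATE_DIR"; then
    echo "No known Unflod indicators in $SUBSTRATE_DIR"
else
    echo "Possible infection: follow Saurik's removal guide, then change your Apple ID password"
fi
list_other_dylibs "$SUBSTRATE_DIR"
```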
What to Do if You’re Infected
The first thing to do would be to delete the malware using iFile, but before you do that, you need to jot down some information, install OpenSSH from Cydia, and execute some commands in MobileTerminal. It’s certainly not something that novice users should go through, but we’re guessing that if you’re jailbroken, you probably know a thing or two about the inside workings of iOS. Again, be sure to read Saurik’s full step-by-step instructions on how to remove the malware.
After you delete the malware, you should immediately change your Apple ID password. The malware captures your Apple ID credentials from SSL sessions and sends them to a Chinese iOS site.
However, many folks are saying that the malware could have installed more malicious files onto iOS devices than just the two previously mentioned. If that’s the case, the only sure way to fully recover is to restore your iPhone or iPad to factory conditions, although that means losing your jailbreak.
That’s really the only solid method for now, unless users in the jailbreak community can discover every file that Unflod Baby Panda installs, and that seems unlikely at this point.
Malware on Jailbroken iOS Devices
iOS is best known for its tight security measures when it comes to malware. Apple is very strict about what can and can’t be installed on an iPhone or iPad so that malware and viruses don’t make their way onto the mobile OS. The same can’t be said of Android, though, as Google keeps its ecosystem open to anybody.
Of course, there’s nothing wrong with that, as it allows more freedom than iOS, but it ultimately leaves the door open for more security threats to make their way in, and if users aren’t careful about where they’re installing apps and tweaks from, it can open a can of worms that could be hard to get rid of.
Jailbroken iOS devices are the same way. When you jailbreak your iOS device, you’re essentially breaking down Apple’s walled garden and freeing up your iPhone or iPad, but when you do that, you’re also inviting in malware threats if you’re not careful.
This Unflod Baby Panda malware threat is only compatible with jailbroken iPhones, which means that most users won’t be affected, and the iTunes App Store is clean of this threat, so if you’re not jailbroken, you don’t need to worry about getting this malware on your iPhone.