General Public service malware announcement

Discussion in 'Jailbreaks and iOS Hacks' started by dhlizard, Apr 18, 2014.

  1. dhlizard macrumors G4

    dhlizard

    Joined:
    Mar 16, 2009
    Location:
    The Jailbreak Community
    #1
    I haven't seen this mentioned here yet...

    PUBLIC SERVICE MALWARE ANNOUNCEMENT

    Use iFile, iFunBox or an SSH client to check your jailbroken device for this .dylib file - Unflod.dylib

    The path to search is - /Library/MobileSubstrate/DynamicLibraries/Unflod.dylib

    If you have installed any apps from dubious sources, you run a high risk of having been infected. This malware sends your AppleID and password to a Chinese location.
    https://www.sektioneins.de/en/blog/14-04-18-iOS-malware-campaign-unflod-baby-panda.html

    If you find this file, I recommend followup here -https://twitter.com/coolstarorg/status/457049623593357312

    Then do a hard reboot !

    And of course, if you find it - change your password !
     
  2. Totally macrumors 6502a

    Totally

    Joined:
    Feb 22, 2012
    Location:
    West Coast = Best Coast
    #2
    Not on my phone luckily - Does anyone know what package installs it yet?
     
  3. aPple nErd macrumors 68030

    aPple nErd

    Joined:
    Feb 12, 2012
    Location:
    Jailbreaks/IOS Hacks
    #3
    not on mine either. it's worth paying for tweaks/themes, people!
     
  4. LoLife macrumors regular

    Joined:
    Jun 1, 2010
    Location:
    Reno, NV
  5. 0xyMoron macrumors 6502

    Joined:
    Oct 5, 2012
    Location:
    California
    #5
    Clean & Clear :cool:

    Just shows how fragile Cydia can be in terms of being destructive if misused, the pirate becomes the victim.
     
  6. Gmerdude macrumors 6502

    Gmerdude

    Joined:
    Dec 28, 2012
    Location:
    Everywere
    #6
    I wonder what package installs this I'm clean tho lol
     
  7. kalirob99 macrumors 68000

    kalirob99

    Joined:
    Dec 24, 2008
    Location:
    California
    #7
    I agree it's prolly tweaks from an outside source, I'm curious what's to blame.
     
  8. goobot macrumors 603

    goobot

    Joined:
    Jun 26, 2009
    Location:
    long island NY
  9. Applejuiced, Apr 18, 2014
    Last edited: Apr 18, 2014

    Applejuiced macrumors Westmere

    Applejuiced

    Joined:
    Apr 16, 2008
    Location:
    At the iPhone hacks section.
    #9
    Wonder if they will release a cydia patch for this. Cause even if its currently not on any default repos someone could put out a free tweak/hack on a main repo and include that type of code on the .deb
     
  10. bradl macrumors 68040

    bradl

    Joined:
    Jun 16, 2008
    #10
    But is this really the fault of Cydia, and saurik's responsibility to patch it?

    Seriously, to me it sounds like this only becomes a problem if someone installed an app from a dubious repo. If anything, Cydia should just block the repo, but that is about all they can do. Since the user created the problem by adding the dubious repo to get to the dubious app, it would be up to the user to fix their problem.

    I see what you mean by the potential of it being injected into any of the default repos, but that is about as far as Saurik can take it. Onus is on the user to fix the problem they caused.

    BL.
     
  11. Applejuiced macrumors Westmere

    Applejuiced

    Joined:
    Apr 16, 2008
    Location:
    At the iPhone hacks section.
    #11
    Of Course its not Sauriks fault. How did you get that from my post? It would be nice to have a patch available to protect us though right? Better safe then sorry. Right now its only a problem if someone installs pirated stuff from 3rd party repos. But what if that malware makes its way into stock repos? That's all I was saying.
     
  12. Totally macrumors 6502a

    Totally

    Joined:
    Feb 22, 2012
    Location:
    West Coast = Best Coast
    #12
    My guess is that its not even that widespread. I honestly think it's probably attached to 1 pirate tweak. And all the people that downloaded that 1 tweak from that 1 source got it.
     
  13. dhlizard, Apr 19, 2014
    Last edited: Apr 19, 2014

    dhlizard thread starter macrumors G4

    dhlizard

    Joined:
    Mar 16, 2009
    Location:
    The Jailbreak Community
    #13
    There are several "fixes" on Cydia already (since early yesterday). One is from CoolStar - link is in my original post. I don't believe there is any preventative measure available as this does not seem to be widespread.

    And with regard to Saurik, here is a post from him: http://www.reddit.com/r/jailbreak/comments/23d990/instructions_from_saurik_for_anyone_with/

    Update: Just saw on reddit a package to prevent the install of Unflod.dylib has been submitted to BigBoss repo.
     
  14. Carlanga macrumors 604

    Carlanga

    Joined:
    Nov 5, 2009
    #14
    Clean as a whistle here. Thanks for letting us know dhl!
     

Share This Page