General Public service malware announcement

dhlizard

Original poster
I haven't seen this mentioned here yet...

PUBLIC SERVICE MALWARE ANNOUNCEMENT

Use iFile, iFunBox or an SSH client to check your jailbroken device for this .dylib file - Unflod.dylib

The path to search is - /Library/MobileSubstrate/DynamicLibraries/Unflod.dylib

If you have installed any apps from dubious sources, you run a high risk of having been infected. This malware sends your AppleID and password to a Chinese location.
https://www.sektioneins.de/en/blog/14-04-18-iOS-malware-campaign-unflod-baby-panda.html

If you find this file, I recommend following up here - https://twitter.com/coolstarorg/status/457049623593357312

Then do a hard reboot!

And of course, if you find it - change your password!
 

Applejuiced

Wonder if they will release a Cydia patch for this. Cause even if it's currently not on any default repos, someone could put out a free tweak/hack on a main repo and include that type of code in the .deb
 

bradl

Wonder if they will release a Cydia patch for this. Cause even if it's currently not on any default repos, someone could put out a free tweak/hack on a main repo and include that type of code in the .deb
But is this really the fault of Cydia, and saurik's responsibility to patch it?

Seriously, to me it sounds like this only becomes a problem if someone installed an app from a dubious repo. If anything, Cydia should just block the repo, but that is about all they can do. Since the user created the problem by adding the dubious repo to get to the dubious app, it would be up to the user to fix their problem.

I see what you mean by the potential of it being injected into any of the default repos, but that is about as far as Saurik can take it. Onus is on the user to fix the problem they caused.

BL.
 

Applejuiced

But is this really the fault of Cydia, and saurik's responsibility to patch it?

Seriously, to me it sounds like this only becomes a problem if someone installed an app from a dubious repo. If anything, Cydia should just block the repo, but that is about all they can do. Since the user created the problem by adding the dubious repo to get to the dubious app, it would be up to the user to fix their problem.

I see what you mean by the potential of it being injected into any of the default repos, but that is about as far as Saurik can take it. Onus is on the user to fix the problem they caused.

BL.
Of course it's not Saurik's fault. How did you get that from my post? It would be nice to have a patch available to protect us though, right? Better safe than sorry. Right now it's only a problem if someone installs pirated stuff from 3rd party repos. But what if that malware makes its way into stock repos? That's all I was saying.
 

Totally

My guess is that it's not even that widespread. I honestly think it's probably attached to 1 pirate tweak. And all the people that downloaded that 1 tweak from that 1 source got it.
 

dhlizard

Original poster
Wonder if they will release a Cydia patch for this. Cause even if it's currently not on any default repos, someone could put out a free tweak/hack on a main repo and include that type of code in the .deb
There are several "fixes" on Cydia already (since early yesterday). One is from CoolStar - link is in my original post. I don't believe there is any preventative measure available as this does not seem to be widespread.

And with regard to Saurik, here is a post from him: http://www.reddit.com/r/jailbreak/comments/23d990/instructions_from_saurik_for_anyone_with/

Update: Just saw on reddit a package to prevent the install of Unflod.dylib has been submitted to BigBoss repo.
 