A new malware campaign targetting users of jailbroken iOS devices has been discovered by reddit users.
Called “Unflod Baby Panda,” the malware hooks into all running processes of jailbroken devices and tries to steal their Apple ID and corresponding password.
Security firm SektionEins had the following to say about the malware:
[It] appears to have Chinese origin and comes as a library called Unflod.dylib that hooks into all running processes of jailbroken iDevices and listens to outgoing SSL connections.
From these connections it tries to steal the device’s Apple-ID and corresponding password and sends them in plaintext to servers with IP addresses in control of US hosting companies for apparently Chinese customers.
To detect the infection, users can navigate to /Library/MobileSubstrate/DynamicLibraries/ and check to see if the file “Unflod.dylib” exists within this folder. If it does, this confirms that your device is infected with malware.
To remove it users should locate the malware files Unflod.dylib and Unflod.plist using iFile. These can then be deleted manually using a permanent file deletion tool like iShredder.
Affected users should then change their Apple ID password and enable two-step verification. If you’re unsure about any secondary infections due to the malware, perform a full restore to remove all existing threats from your iOS device.
Further advice can be found by visiting this reddit thread.
Note: if you haven’t jailbroken your iOS device, you have nothing to worry about.