'Unflod' malware stealing Apple ID credentials from jailbroken iOS devices

Advertisement
By Robin Sinha | Updated: 23 April 2014 17:11 IST

A new active malware, dubbed 'unflod', has been discovered by some users who say that the bug targets certain files in Apple products and steals Apple ID credentials.

The malware is understood to attack only those jailbroken Apple devices that run on 32-bit versions of iOS. This indicates that iPhone 5s, iPad Air and iPad mini 2G would stay unaffected, as they 64-bit versions of iOS. "There is no ARM 64-bit version of the code in the copy of the library we got [...]This means the malware should never be successful on [the] iPhone 5S/iPad Air or iPad mini 2G," mentioned Stefan Esser, a security researcher for Ars Technica.

Advertisement

Unflod was first mentioned in a couple of Reddit threads (1, 2), in which users complained about how their jailbroken devices have been repeatedly crashing after installing some jailbroken customisations.

However, Esser performed a static analysis on the binary codes of the infected devices mentioned by the Reddit users. As per Esser's blog, the Unflod malware clings to the jailbroken devices' SSLWrite function and runs a scan on the links that include the Apple ID and passwords. After the credentials are discovered, they are transmitted to controlled servers.

Advertisement

As a temporary solution to bypass the malware, Esser recommended users to restore their devices to factory settings. Most users however, would not want to give up their jailbreaks and subsequent tweaks in the process. He also recommended users to change their Apple IDs and passwords.

One of the Reddit users also mentioned that users can delete the Unflod.dylib file by entering the devices' SSH/Terminal, and navigating through Folder > Library > MobileSubstrate > DynamicLibraries. However, Esser says the the bug might appear again after some time, as the source of its emergence is not yet known.

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement

Related Stories

Popular Mobile Brands
  1. Vivo Y500 4G Makes Global Debut With an 8,100mAh Battery: See Price
  1. Nothing Ear 3a Spotted in Leaked Renders That Leave Little to the Imagination Ahead of Their Debut
  2. Vivo G5i, Vivo G5z Launched With 7,200mAh Battery, Snapdragon 4 Gen 2 SoC: Price, Features
  3. Redmi Note 17 and Poco M8 Plus Appear on BIS Certification Database, Might Launch in India Soon: Report
  4. Stablecoin Transactions Hit Record $1.79 Trillion in June, Analytics Show
  5. South Africa Proposes Crypto Tax Guidance Under Existing Framework
  6. Insta360 X6 Could Launch Soon With Larger Sensor, US FCC Listing Suggests
  7. Vivo V80 Series Price Range in India, Launch Timeline Tipped Along With Key Specifications, Features
  8. Huawei Pura 90 Series Global Launch Set for July 14; Pura 90s Pro Max Teased
  9. Apple Brings Back Card Payments for App Store and iCloud Transactions in India After Five Years
  10. Samsung Galaxy Z Fold 8 Series Tipped to Launch With a New Hinge to Minimise Display Crease
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.