A new piece of malware has come to light that steals Apple IDs and passwords from jailbroken iPhones. For those who are unaware, a jailbroken iPhone is an iPhone that has had limitations removed from iOS. Removing these limitations allows the download of additional applications, extensions, and themes that are unavailable through the official Apple App Store.
Lack of security is a well-known risk when jailbreaking, but it rarely stops those who are looking to get more from their iPhone.
So, back to the malware.
The strangely titled “unflod Baby Panda” is suspected to be of Chinese origin, according to security firm SektionEins. The malware works by inserting itself into running processes and stealing credentials.
Disguised as a library called Unflod.dylib, SektionEins says that the malware tries to “steal the device’s Apple ID and corresponding passwords and sends them in plaintext to servers with IP addresses in control of U.S. hosting companies, for apparently Chinese customers.”
To get rid of the malware if infected, users need to look in the /Library/MobileSubstrate/DynamicLibraries/ directory, where the file Unflod.dylib will be hiding. You can use iFile to locate that file as well as Unflod.plist. Once you have found them, permanently delete them.
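The same check as a shell function, for use over SSH or in a terminal app on the device. This is an added example, not code from SektionEins or the original article; the function name `check_unflod` and its root-directory argument are assumptions of the example.

```shell
#!/bin/sh
# Added example: look for the two files named in the article.
# The root argument lets the check run on the device itself ("/") or
# against a mounted or extracted copy of its filesystem.

SUBSTRATE_DIR="Library/MobileSubstrate/DynamicLibraries"

# Prints the path of every matching file.
# Return status: 0 = nothing found, 1 = at least one file found,
#                2 = the MobileSubstrate directory does not exist.
check_unflod() {
    root="${1:-/}"
    dir="${root%/}/$SUBSTRATE_DIR"
    found=0

    if [ ! -d "$dir" ]; then
        echo "no $SUBSTRATE_DIR directory under $root" >&2
        return 2
    fi

    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        # Compare names in lower case so a differently capitalised copy
        # is still reported.
        name=$(basename "$f" | tr 'A-Z' 'a-z')
        case "$name" in
            unflod.dylib|unflod.plist)
                printf '%s\n' "$f"
                found=1
                ;;
        esac
    done

    return "$found"
}
```

Call it as `check_unflod /` on the device; any path it prints is a file to delete as described above.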
We recommend that you also change your Apple ID passwords and enable two-step verification.