Unflod.dylib malware: iPhone users warned against OS software stealing IDs and passwords
A new form of malware discovered just last week has stolen login IDs and password information from jailbroken Apple devices running iOS.
Called "Unflod.dylib," this malware captures Apple IDs and passwords from Internet sessions that use Secure Sockets Layer (SSL), the protocol that encrypts communications. It then sends the login information to the Internet Protocol address "23.88.10.4."
SSL is a cryptographic protocol designed to provide communication security over the Internet. The notorious Heartbleed bug was a vulnerability in an SSL implementation that exposed passwords and other personal information to cybercriminals.
Users of the Apple iPhone 5 and other 32-bit jailbroken iOS devices are cautioned to check their devices for Unflod.dylib using file browsers such as iFile.
Should the Unflod.dylib file be in that directory, complete instructions on how to remove the malware have been compiled by iOS developer Saurik. The instructions can be found here.
Users affected by Unflod.dylib are advised to change their Apple ID password after the software is removed.
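The check described above can also be run against a copy of the device's files. The following Python scanner is an added example, not code from the article or from Saurik's instructions; it looks for the two indicators the article names, the file name Unflod.dylib and the address 23.88.10.4 embedded in a library's bytes, so a renamed copy is still flagged. The function names and the sample files are assumptions constructed for illustration.

```python
import os
import re
import tempfile

MALWARE_NAME = "unflod.dylib"   # file name reported in the article
DROP_IP = b"23.88.10.4"         # address the article says receives the logins
# Match the address only when it is not part of a longer number or address.
IP_RE = re.compile(rb"(?<![0-9.])" + re.escape(DROP_IP) + rb"(?![0-9])")

def contains_drop_ip(path):
    """True if the file's bytes embed the address as a standalone string."""
    try:
        with open(path, "rb") as fh:
            return IP_RE.search(fh.read()) is not None
    except OSError:
        return False            # unreadable file: nothing to report

def scan(root):
    """Return sorted (relative path, reasons) for suspicious .dylib files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".dylib"):
                continue
            full = os.path.join(dirpath, name)
            reasons = []
            if name.lower() == MALWARE_NAME:
                reasons.append("name")
            if contains_drop_ip(full):
                reasons.append("embedded-ip")
            if reasons:
                hits.append((os.path.relpath(full, root), reasons))
    return sorted(hits)

def build_sample_tree(root):
    """Constructed test files; none of these bytes come from the real sample."""
    libs = os.path.join(root, "libs")
    os.makedirs(libs)
    samples = {
        "Unflod.dylib": b"\x00hdr\x0023.88.10.4\x00",      # name and address
        "renamed.dylib": b"\x00hdr\x0023.88.10.4\x00",     # address only
        "benign.dylib": b"\x00hdr\x00123.88.10.45\x00",    # look-alike digits
    }
    for name, data in samples.items():
        with open(os.path.join(libs, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, reasons in scan(tmp):
            print(path, ",".join(reasons))
```

Point `scan()` at the root of a mounted or copied filesystem; a hit on "embedded-ip" alone means the library should be inspected even though its name does not match.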
The latest 64-bit iOS devices such as the iPhone 5S, iPad Air and iPad Mini Retina might not be affected by the malware.
Security analysts said the malware might be of Chinese origin due to the error page displayed when visiting the IP address discovered in the code. They said a developer certificate was digitally signed by someone calling himself Wang Xin, which analysts believe is a fake name.
Other theories say that Unflod.dylib might have been installed through software obtained through a Chinese piracy app repository.
Unflod.dylib was discovered on some jailbroken Apple iOS devices last week by Reddit users. An Apple user complained that the file was causing Snapchat, Google Hangouts and other apps to constantly crash. Jailbreak developers who inspected the "Unflod.dylib" file then identified the malware Unflod.dylib.