Difference between revisions of "Unflod"
(Dynamic libraries aren't configuration files) |
m |
||
(2 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
Unflod was a malicious piece of software targeting jailbroken iOS devices. It attempts to capture the user's Apple ID and password by using MobileSubstrate to hook into the ''SSLWrite'' function of [[Security.framework]] and then listening to data passed to it. Once the Apple ID and password are captured, it is sent to a Chinese IP address. |
Unflod was a malicious piece of software targeting jailbroken iOS devices. It attempts to capture the user's Apple ID and password by using MobileSubstrate to hook into the ''SSLWrite'' function of [[Security.framework]] and then listening to data passed to it. Once the Apple ID and password are captured, it is sent to a Chinese IP address. |
||
− | |||
The virus is a library which uses MobileSubstrate to inject itself into processes. It is installed to /Library/MobileSubstrate/DynamicLibraries/Unflod.dylib. Since the virus is just a dynamic library, it can be removed by simply deleting the file. This can be automated by using CoolStar's [http://cl.ly/V5Kh Un-Unflod Tool]. |
The virus is a library which uses MobileSubstrate to inject itself into processes. It is installed to /Library/MobileSubstrate/DynamicLibraries/Unflod.dylib. Since the virus is just a dynamic library, it can be removed by simply deleting the file. This can be automated by using CoolStar's [http://cl.ly/V5Kh Un-Unflod Tool]. |
||
== History == |
== History == |
||
− | The Unflod virus was inadvertently discovered by a Reddit user on |
+ | The Unflod virus was inadvertently discovered by a Reddit user on {{date|2014|04|17}}. After posting about it, multiple reverse engineers were able to determine that it was indeed malicious. |
The origin of Unflod is unknown. It is believed to come from Chinese piracy repositories, but the true source is yet to be discovered. |
The origin of Unflod is unknown. It is believed to come from Chinese piracy repositories, but the true source is yet to be discovered. |
||
== External Resources == |
== External Resources == |
||
* https://www.sektioneins.de/en/blog/14-04-18-iOS-malware-campaign-unflod-baby-panda.html |
* https://www.sektioneins.de/en/blog/14-04-18-iOS-malware-campaign-unflod-baby-panda.html |
||
+ | |||
+ | [[Category:Malware research]] |
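Review bot: In the added History line, "After posting about it, multiple reverse engineers were able to determine that it was indeed malicious" has a dangling modifier and reads as if the reverse engineers made the post. Suggest "After the user posted about it, multiple reverse engineers were able to determine that it was indeed malicious." The discovery claim dated with {{date|2014|04|17}} also carries no inline source. A reference to the write-up already listed under External Resources would make it verifiable.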
Latest revision as of 12:58, 17 September 2021
Unflod was a malicious piece of software targeting jailbroken iOS devices. It attempts to capture the user's Apple ID and password by using MobileSubstrate to hook into the SSLWrite function of Security.framework and then listening to data passed to it. Once the Apple ID and password are captured, they are sent to a Chinese IP address.
The virus is a library which uses MobileSubstrate to inject itself into processes. It is installed to /Library/MobileSubstrate/DynamicLibraries/Unflod.dylib. Since the virus is just a dynamic library, it can be removed by simply deleting the file. This can be automated by using CoolStar's Un-Unflod Tool.
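A defensive check for the install location described above, as an added example that is not part of the wiki page or of CoolStar's tool. The function names, the ROOT argument (so the check can run against a copied or mounted filesystem) and the SSLWrite string heuristic are assumptions of this example:

```shell
#!/bin/sh
# Added example: audit the MobileSubstrate DynamicLibraries directory.
# ROOT is a hypothetical parameter: "" or "/" for a live device, or the
# path of a copied/mounted filesystem image.

SUBSTRATE_DIR="Library/MobileSubstrate/DynamicLibraries"

# scan_substrate ROOT
# Prints one "<reason> <path>" line per finding; returns 1 if anything
# was flagged, 0 otherwise.
scan_substrate() {
    dir="${1%/}/$SUBSTRATE_DIR"
    found=0
    [ -d "$dir" ] || { echo "no-substrate-dir $dir"; return 0; }
    for lib in "$dir"/*.dylib; do
        [ -f "$lib" ] || continue            # glob matched nothing
        name=$(basename "$lib")
        if [ "$name" = "Unflod.dylib" ]; then
            # File name given on the page.
            echo "known-name $lib"
            found=1
        elif grep -a -q "SSLWrite" "$lib"; then
            # Heuristic only: a library that names SSLWrite may hook it.
            # Legitimate tweaks can do this too, so treat as "review".
            echo "references-SSLWrite $lib"
            found=1
        fi
    done
    return $found
}

# remove_unflod ROOT
# Deletes the library at the path given on the page; returns 1 if absent.
remove_unflod() {
    target="${1%/}/$SUBSTRATE_DIR/Unflod.dylib"
    [ -f "$target" ] || return 1
    rm -f -- "$target" && echo "removed $target"
}
```

Deleting the file stops further injection but does not undo a captured credential, so the Apple ID password should be changed after removal.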
History
The Unflod virus was inadvertently discovered by a Reddit user on 17 April 2014. After the user posted about it, multiple reverse engineers were able to determine that it was indeed malicious. The origin of Unflod is unknown. It is believed to come from Chinese piracy repositories, but the true source is yet to be discovered.