Difference between revisions of "Unflod"

From The iPhone Wiki
Jump to: navigation, search
(Created page with "Unflod was a malicious piece of software targeting jailbroken iOS devices. It attempts to capture the user's Apple ID and password by using MobileSubstrate to hook into the ''...")
 
Line 6: Line 6:
 
The Unflod virus was inadvertently discovered by a Reddit user on April 17th, 2014. After posting about it, multiple reverse engineers were able to determine that it was indeed malicious.
 
The Unflod virus was inadvertently discovered by a Reddit user on April 17th, 2014. After posting about it, multiple reverse engineers were able to determine that it was indeed malicious.
 
The origin of Unflod is unknown. It is believed to come from Chinese piracy repositories, but the true source is yet to be discovered.
 
The origin of Unflod is unknown. It is believed to come from Chinese piracy repositories, but the true source is yet to be discovered.
  +
  +
== External Resources ==
  +
* https://www.sektioneins.de/en/blog/14-04-18-iOS-malware-campaign-unflod-baby-panda.html

Revision as of 20:42, 18 April 2014

Unflod was a malicious piece of software targeting jailbroken iOS devices. It attempts to capture the user's Apple ID and password by using MobileSubstrate to hook into the SSLWrite function of Security.framework and then listening to data passed to it. Once the Apple ID and password are captured, it is sent to a Chinese IP address.

The virus is installed to /Library/MobileSubstrate/DynamicLibraries/Unflod.dylib and can be removed by simply deleting the file.

History

The Unflod virus was inadvertently discovered by a Reddit user on April 17th, 2014. After posting about it, multiple reverse engineers were able to determine that it was indeed malicious. The origin of Unflod is unknown. It is believed to come from Chinese piracy repositories, but the true source is yet to be discovered.

External Resources