There is a new malware campaign that has been devised to target and attack jailbroken iOS devices.  The jailbroken devices are easier to access due to their inbuilt security measures being removed/disabled.  This allows the jailbreak to function correctly.  “Unflod Baby Panda” is the name of the malware.

Online forum Reddit, has members who are credited with first discovering Unflod a couple of weeks back, when members of the “r/jailbreak” subreddit tried to assist a user whose jailbroken iPhone was not behaving as it should. After much debate, the Reddit users eventually came to the conclusion that the jailbroken device in question had a new type of malware on it.  The Reddit community then isolated the malware and proceeded to make its code public, which then allowed German security firm SektionEins to take a closer look.


The researchers at SektionEins discovered that Unflod was prying on infected devices’ outbound SSL-encrypted traffic and collecting any Apple ID information it found. That data as then transmitted (in unencrypted plain text) to U.S.-based servers that were apparently rented by Chinese clients.

It remains unclear how the Unflod malware is transmitted to jailbroken iOS devices, or if indeed the malware is capable of performing other actions, such as allowing other malicious files onto the infected device. It is interestin to note that SektionEins has warned that deleting the malware and altering the user’s Apple ID might not be sufficient to remove it and suggests a full system restore. SektionEins wrote in its in-depth analysis, “We therefore believe that the only safe way of removal is a full restore, which means the removal and loss of the jailbreak.”  The infected users would have to re-jailbreak their phones after performing the full restoration.  Apple’s mobile platform still retains the record of being Malware free, as the Unflod Baby Panda only affects jailbroken iOS devices.

As always, if you would like to leave a sensible comment, then please do so in the comments section below.

[Image via cydiaplus]