Over the weekend, the jailbreaking community had one of its bad days. This is one of the cons of jailbreaking: the kind of thing that happens rarely, and that everyone on the other side (the non-jailbreakers) uses as a reason for not jailbreaking.
A piece of malware (Unflod) has quietly crept into many users' iPhones, most notably those with repos added to their sources that carry pirated/cracked tweaks and apps. Details about how it got in are very sketchy, but what it does is now very clear.
The malware is called Unflod. It sits in plain view inside Mobile Substrate and can be removed quite easily if you've got iFile. What it does, as redditors have found out, is collect your Apple ID and password and send them to a Chinese server as plain text. Scary as that is, we don't know how many accounts have been compromised or what damage has been done so far.
To keep yourself protected, there are two things you should do:
- Remove Unflod.dylib
- Change your Apple ID password (preferably on a computer)
#1. How to Remove Unflod
To remove Unflod from your iPhone, you'll need iFile. You can download that from Cydia. (iFile is shareware). Then:
- Open iFile
- Navigate to /Library/MobileSubstrate/DynamicLibraries
- Tap on Edit from the top
- Scroll down, find Unflod.dylib and select it.
- Tap on the Delete icon
#2. Changing your Apple ID password
This is a safety measure that we strongly recommend. It's a pain in the back, but you have to do this if you've got a jailbroken iPhone on which you have used your Apple ID.
- Go to https://appleid.apple.com
- Sign-in to your account
- Click on Password & Security
- You can either answer security questions to change the password or click on “Send reset security info email to” to have your password reset / to create a new password.
Protecting Yourself from iOS Malware
For all the luxurious benefits that jailbreaking offers, ranging from amazing lockscreen tweaks to customizations of every imaginable kind, this is the risk that it throws up.
Those who don't jailbreak are relatively secure: apps are vetted by Apple very vigorously, and Apple's own code is secure enough (except for the couple of times it has gone against this assumption).
But once you jailbreak, you are really at the mercy of your own knowledge, your caution and the community's collective effort. Most of the time, it's a piracy-related repo that turns out to be the source of the malware. This time too, it looks just like that.
We don't really know where Unflod came from or how it gets installed. It doesn't seem to be a part of any package. Removing it and changing your password is something you must do.
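The check from the removal steps and the "not part of any package" observation can be combined into one audit, shown here as an added example that is not from the original post. It assumes shell access on the device (SSH or a terminal app) and that `dpkg`, the package tool behind Cydia, is installed; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: audit the MobileSubstrate directory for Unflod.dylib and
# for any other dylib that no installed package claims.

SUBSTRATE_DIR="${SUBSTRATE_DIR:-/Library/MobileSubstrate/DynamicLibraries}"

# owned_by_package PATH -> exit 0 if an installed package lists PATH.
# Assumption: dpkg is present; `dpkg -S` fails when no package owns the file.
owned_by_package() {
    dpkg -S "$1" >/dev/null 2>&1
}

# audit_substrate [DIR]
# Prints one line per dylib: "KNOWN-BAD <path>", "ORPHAN <path>" or "OK <path>".
# Returns 1 if any KNOWN-BAD or ORPHAN entry was found, 0 otherwise.
audit_substrate() {
    dir="${1:-$SUBSTRATE_DIR}"
    found=0
    for f in "$dir"/*.dylib; do
        [ -e "$f" ] || continue      # directory missing or no dylibs in it
        # Compare case-insensitively so a renamed-case copy is still caught.
        name=$(basename "$f" | tr '[:upper:]' '[:lower:]')
        if [ "$name" = "unflod.dylib" ]; then
            echo "KNOWN-BAD $f"
            found=1
        elif ! owned_by_package "$f"; then
            # Not proof of malware: a lead to review by hand.
            echo "ORPHAN $f"
            found=1
        else
            echo "OK $f"
        fi
    done
    return $found
}

# Run the audit only when asked to: sh audit.sh audit
if [ "${1:-}" = "audit" ]; then
    audit_substrate
fi
```

An ORPHAN line only means the file was not installed through a package; manually copied tweaks show up the same way, so check each one before deleting it.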