In a rare bit of crowd-sourced credit, users of the social news site Reddit today discovered a new piece of malware installed on a member’s jailbroken iPhone.
Members of the subreddit r/jailbreak (not to be confused with the much maligned r/jailbait, which made headlines on Anderson Cooper 360 last year) first stumbled across the malware while helping another user who had come to the site looking for answers as to why his phone had been acting up in recent weeks.
“Currently the jailbreak community believes that deleting the Unflod.dylib binary and changing the apple-id’s password afterwards is enough to recover from this attack. However it is still unknown how the dynamic library ends up on the device in the first place and therefore it is also unknown if it comes with additional malware gifts,” the researchers at SektionEins wrote in their analysis of the infection.
The original poster (“OP”, in Reddit parlance) said the phone misbehaved whenever he used apps like Snapchat or Google Hangouts, which led the impromptu disinfection team to suspect that whatever data the malware was stealing had something to do with the front camera and the apps permitted to access it. That suspicion did not hold up.
On closer inspection by researchers at the German firm SektionEins, the library was found to intercept the phone’s outgoing SSL traffic and scan it for Apple ID credentials before they left the device. Because nobody yet knows how the library was installed, or whether anything else came with it, the researchers concluded that the only surefire removal method at this point is a full restore of the device, which wipes the jailbreak and returns the phone to stock in about 15 minutes or less. Changing the Apple ID password afterwards is still advisable either way.
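For jailbroken users who want to triage before deciding on a full restore, the following is an added example (written for this article, not code from SektionEins or the r/jailbreak thread) that inventories every .dylib under a directory, hashes it, and flags the file named in the analysis. The directory name, the SHA-256 allow-list, and the sample tree the demo builds are all assumptions constructed for the example; on a real device the scan would be pointed at the directory the jailbreak’s substrate loads libraries from.

```python
import hashlib
import tempfile
from pathlib import Path

# Assumption: on a jailbroken device the substrate injects every .dylib found
# in one directory into running apps. The exact path varies by jailbreak; this
# value is a placeholder for the example, not taken from the article.
SUBSTRATE_DIR = "/Library/MobileSubstrate/DynamicLibraries"

# File name reported in the analysis; matched case-insensitively.
KNOWN_BAD_NAMES = {"unflod.dylib"}


def triage_dylibs(directory, known_good_sha256=frozenset()):
    """Walk `directory` and return (name, sha256, verdict) for every .dylib.

    verdict is 'known-bad' when the file name matches the reported malware,
    'known-good' when its hash is on the caller's allow-list of tweaks they
    installed deliberately, and 'unknown' otherwise (needs a human look).
    """
    findings = []
    for path in sorted(Path(directory).rglob("*.dylib")):
        digest = hashlib.sha256(path.read_bytes()).hexdigest()
        if path.name.lower() in KNOWN_BAD_NAMES:
            verdict = "known-bad"
        elif digest in known_good_sha256:
            verdict = "known-good"
        else:
            verdict = "unknown"
        findings.append((path.name, digest, verdict))
    return findings


def build_sample_tree(root):
    """Create a constructed, fake substrate directory for the demo.

    The file contents are arbitrary bytes, not real Mach-O binaries; the
    example only exercises the name and hash logic.
    """
    root = Path(root)
    root.mkdir(parents=True, exist_ok=True)
    (root / "MyTweak.dylib").write_bytes(b"fake tweak the user installed")
    (root / "Unflod.dylib").write_bytes(b"fake malicious library")
    (root / "Mystery.dylib").write_bytes(b"fake library of unknown origin")
    # Non-dylib files are ignored by the scan.
    (root / "MyTweak.plist").write_bytes(b"<plist/>")
    return root


def demo():
    """Run the scan over the constructed tree and return its findings."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_sample_tree(Path(tmp) / "DynamicLibraries")
        allow = {hashlib.sha256(b"fake tweak the user installed").hexdigest()}
        return triage_dylibs(root, known_good_sha256=allow)


if __name__ == "__main__":
    for name, digest, verdict in demo():
        print(f"{verdict:10} {digest[:16]}  {name}")
```

A hit on the known-bad name confirms the infection, but an empty result does not clear the device: the analysis says it is unknown how the library arrives or what else it brings, which is why a restore, not a delete, is the safe remediation. The hash column exists so unknown libraries can be compared against the packages you actually installed.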
Fortunately, only users who have gone out of their way to jailbreak their phones are exposed: the malware is a dynamic library injected into other apps, something the code signing of stock iOS does not permit. Unmodified iPhones remain as safe as ever, and iOS continues to hold one of the best mobile security records around, in a field where Android is the only real competitor.