Unflod Baby Panda - Jailbroken iOS Malware steals AppleID and Passwords

[Ink]

Reddit: Instructions from saurik for anyone with Unflod.dylib in /Library/MobileSubstrate/DynamicLibraries/

A piece of malware has shown up on a few jailbroken devices - it's almost certainly installed via something on a non-default repository (such as a pirate repository), and it's probably installed via a less-popular package, since it's not very common. It's usually called Unflod.dylib, and it's a malicious piece of software that tries to steal your Apple ID and password; nobody has figured out yet exactly where it comes from. You can read analysis by i0n1c here, and discussion in these two threads: what is it? and beware of it.​

10 Steps to Remove Unflod.dylib from your Jailbroken iOS device
http://www.reddit.com/r/jailbreak/comments/23d990/instructions_from_saurik_for_anyone_with/

On 17th April 2014 a malware campaign targetting users of jailbroken iPhones has been discovered and discussed by reddit users. This malware appears to have Chinese origin and comes as a library called Unflod.dylib that hooks into all running processes of jailbroken iDevices and listens to outgoing SSL connections. From these connections it tries to steal the device's Apple-ID and corresponding password and sends them in plaintext to servers with IP addresses in control of US hosting companies for apparently Chinese customers.

Users of reddit have made this malware available to the public, which allowed SektionEins to perform an analysis of this threat.

However so far only the malware itself has been found and until now it is unknown how it ends up on jailbroken phones. Rumours that Chinese piracy repositories are involved are so far unverified.

Meanwhile it has been discovered that framework.dylib is another name for the same threat used in other infections

Further Reading (Threat Analysis)
https://www.sektioneins.de/en/blog/14-04-18-iOS-malware-campaign-unflod-baby-panda.html