Saptamana trecuta v-am vorbit despre Unflod, un malware pentru iOS conceput de catre hackeri chinezi pentru a fura datele de logare ale Apple ID-urilor. Dupa o analiza avansata a malware-ului, o companie de securitate informatica a aflat ca troianul monitorizeaza toate procesele active ale iOS-ului, plus conexiunile SSL. Informatiile privind datele de logare ale Apple ID-urilor preluate din terminale sunt mai apoi transmise catre servere americane cumparate de catre hackerii din China, ei preluand apoi controlul asupra Apple ID-urilor.
This malware appears to have Chinese origin and comes as a library called Unflod.dylib that hooks into all running processes of jailbroken iDevices and listens to outgoing SSL connections. From these connections it tries to steal the device’s Apple-ID and corresponding password and sends them in plaintext to servers with IP addresses in control of US hosting companies for apparently Chinese customers.
Malware-ul Unflod este “ascuns” in pachete disponibile in Cydia doar pentru terminalele care au jailbreak si partea buna este ca el afecteaza doar iDevice-urile care au procesoare de 32 biti, adica doar toate cele lansate pana la iPhone 5S. Partea proasta in toata aceasta problema este ca simpla stergere a fiserelor Unflod.dylib si framework.dylib din /Library/MobileSubstrate/DynamicLibraries/ nu ar rezolva complet problema, expertii in securitate nefiind siguri de modul in care el afecteaza iOS-ul. Deocamdata singura rezolvare sigura a problemei implica efectuarea unui restore complet al iOS-ului si schimbarea parolei Apple ID-ului.
Currently the jailbreak community believes that deleting the Unflod.dylib/framework.dylib binary and changing the apple-id’s password afterwards is enough to recover from this attack. However it is still unknown how the dynamic library ends up on the device in the first place and therefore it is also unknown if it comes with additional malware gifts. We therefore believe that the only safe way of removal is a full restore, which means the removal and loss of the jailbreak.
Acesta este, probabil, cel mai periculos malware lansat vreodata pentru platforma iOS, ea fiind in general evitata de catre hackeri din cauza ecosistemului inchis si protejat avid de catre Apple.
