Threat Encyclopedia

IOS_UNFLOD.A

Publish date: April 30, 2014

ANALYSIS BY

Lambert Sun


PLATFORM:

iOS

OVERALL RISK RATING:
DAMAGE POTENTIAL:
DISTRIBUTION POTENTIAL:
REPORTED INFECTION:
INFORMATION EXPOSURE:

  • Threat Type: Trojan

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

OVERVIEW


TECHNICAL DETAILS

NOTES:

This malware is introduced when users install third-party applications through Cydia. Only jailbroken devices can be infected by this threat.

It uses Mobile Substrate to modify system behavior on jailbroken iOS devices.

It hooks the SSLWrite function when loaded and initialized.

Mobile Substrate is the framework that allows third-party developers to provide run-time patches to system functions. It is available on almost all jailbroken devices.

The Unflod library hooks the SSLWrite function used when sending encrypted data over a secure connection. This means that the malware gets to see the confidential data before it is encrypted for transmission.

The information it steals includes users' Apple ID accounts and passwords.

Users can manually remove it by deleting /Library/MobileSubstrate/DynamicLibraries/Unflod.dylib on their devices.
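The check described above can be scripted for triage of a device shell or an extracted filesystem image. This is an added example, not code from this entry or its analyst; the root-directory argument and the function names are assumptions. It goes beyond the single file named here by also listing any Mobile Substrate library that contains the string SSLWrite, which is a heuristic for manual review and not proof of infection.

```shell
#!/bin/sh
# Added example: triage a filesystem root for IOS_UNFLOD.A.
# The library path is the one given in this entry; everything else is illustrative.
SUBSTRATE_DIR="Library/MobileSubstrate/DynamicLibraries"

# unflod_present ROOT: succeeds if the library named in this entry exists under ROOT.
unflod_present() {
    [ -e "$1/$SUBSTRATE_DIR/Unflod.dylib" ]
}

# sslwrite_refs ROOT: prints every Substrate dylib whose bytes contain "SSLWrite".
# Heuristic only: a match means the library references the hooked function.
sslwrite_refs() {
    dir="$1/$SUBSTRATE_DIR"
    [ -d "$dir" ] || return 0
    for f in "$dir"/*.dylib; do
        [ -f "$f" ] || continue          # also skips the unexpanded glob
        if LC_ALL=C grep -q 'SSLWrite' "$f"; then
            printf '%s\n' "$f"
        fi
    done
}

# triage ROOT: prints one verdict word.
#   infected = Unflod.dylib is present
#   review   = another Substrate library references SSLWrite
#   clean    = neither indicator found
triage() {
    if unflod_present "$1"; then
        echo infected
    elif [ -n "$(sslwrite_refs "$1")" ]; then
        echo review
    else
        echo clean
    fi
}

# Run only when a root is supplied, e.g. "sh triage.sh /" on the device
# or "sh triage.sh ./extracted_image" on an analysis host.
if [ "$#" -gt 0 ]; then
    triage "$1"
    sslwrite_refs "$1"
fi
```

A "review" verdict needs a manual look at the listed libraries, since the string match alone does not show that a library is malicious.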
