Have you been experiencing app crashes and other glitches on your jailbroken iOS device recently? Maybe you installed a new tweak or deleted something, or maybe it’s malware. Apparently, a new piece of malware called Unflod.dylib has been infecting jailbroken iOS devices, and this has been going on for months.
The Unflod malware installs itself on your iDevice without your knowledge and steals your Apple ID and password. The malware isn’t very widespread, as it is most commonly found on jailbroken devices that have added pirate repositories or installed lesser-known (pirated) Cydia packages.
A Reddit user discovered this malware on April 17th by disabling MobileSubstrate extensions and restarting them one by one. After some research by the German security firm SektionEins, it was found that the malware has a Chinese origin and can also be found under the name framework.dylib in some instances.
A piece of malware has shown up on a few jailbroken devices – it’s almost certainly installed via something on a non-default repository (such as a pirate repository), and it’s probably installed via a less-popular package, since it’s not very common. It’s usually called Unflod.dylib, and it’s a malicious piece of software that tries to steal your Apple ID and password; nobody has figured out yet exactly where it comes from.
If you find Unflod.dylib or framework.dylib in /Library/MobileSubstrate/DynamicLibraries, your device has been affected. Open iFile and delete both files, along with unflod.plist or framework.plist. Afterwards, reboot your iOS device and change your Apple ID and password.
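The same check as a small shell function, for use over SSH or in a terminal on the device. This is an added example, not code from the Reddit thread or from SektionEins; the function names are hypothetical, and it only looks for the file names and directory given in this article.

```shell
#!/bin/sh
# Directory named in the article. Pass another path (for example a mounted
# copy of the device filesystem) as the first argument to scan that instead.
DEFAULT_DIR="/Library/MobileSubstrate/DynamicLibraries"

# Print one matching path per line. Names are compared case-insensitively
# because the article writes both "Unflod" and "unflod".
find_unflod_files() {
    dir="${1:-$DEFAULT_DIR}"
    [ -d "$dir" ] || return 2          # directory missing: nothing to scan
    for path in "$dir"/*; do
        [ -e "$path" ] || continue     # empty directory: glob matched nothing
        name=$(basename "$path" | tr 'A-Z' 'a-z')
        case "$name" in
            unflod.dylib|unflod.plist|framework.dylib|framework.plist)
                printf '%s\n' "$path" ;;
        esac
    done
    return 0
}

# Exit status: 0 = none of the listed files present, 1 = at least one found,
# 2 = the directory does not exist (not a MobileSubstrate install, or wrong path).
check_unflod() {
    hits=$(find_unflod_files "$1") || return 2
    if [ -n "$hits" ]; then
        printf 'Files listed in the article were found:\n%s\n' "$hits"
        return 1
    fi
    printf 'No Unflod/framework files in %s\n' "${1:-$DEFAULT_DIR}"
    return 0
}

# Usage: check_unflod            (scans the default directory)
#        check_unflod /some/dir  (scans a copy of the directory)
```

A status of 0 only means the file names listed here are absent from that directory; it does not show that the device is otherwise clean.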
You can also help Cydia’s creator Saurik figure out the Unflod and framework malware by following the instructions mentioned on this Reddit thread. It isn’t very clear how the malware is installed on a jailbroken device, but it could come from installing a pirated tweak from a pirate repository.
Have you been affected by this malware? If so, do remember to delete it and change your Apple ID and password. Also make sure you think twice before adding pirate repos.