A Malware Called Unflod Found To Be Attacking Jailbroken Devices

Have you been experiencing app crashes and other glitches on your jailbroken iOS device recently? Maybe you installed a new tweak or deleted something, or maybe it is malware. Apparently, a new piece of malware called Unflod.dylib has been infecting jailbroken iOS devices, and this has been going on for months.

The Unflod malware installs itself on your iDevice without your knowledge and steals your Apple ID and password. The malware isn’t very widespread, as it is most commonly found on jailbroken devices that have added pirate repositories or installed lesser-known (pirated) Cydia packages.

A Reddit user discovered this malware on April 17th by disabling MobileSubstrate extensions and restarting them one by one. After some research by the German security firm SektionEins, it was found that the malware has a Chinese origin and can also be found under the name framework.dylib in some instances.

A piece of malware has shown up on a few jailbroken devices – it’s almost certainly installed via something on a non-default repository (such as a pirate repository), and it’s probably installed via a less-popular package, since it’s not very common. It’s usually called Unflod.dylib, and it’s a malicious piece of software that tries to steal your Apple ID and password; nobody has figured out yet exactly where it comes from.

If you find Unflod.dylib or framework.dylib in /Library/MobileSubstrate/DynamicLibraries, your device has been affected. You should open iFile and delete both files, including unflod.plist or framework.plist. Afterwards, reboot your iOS device and change your Apple ID and password.
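The same check can be run from a shell on the device. The script below is an added example, not code from the article, SektionEins or Saurik: it looks for the reported file names in that directory and also lists any other .dylib that no installed package claims. The function name, the `OWNER_CHECK` variable and the use of `dpkg -S` for package ownership are assumptions.

```shell
#!/bin/sh
# Added example: read-only audit of the MobileSubstrate extension directory.
# It reports findings and deletes nothing.

# Directory named in the article.
SUBSTRATE_DIR="/Library/MobileSubstrate/DynamicLibraries"
# Assumption: a command that exits 0 when an installed package owns a path.
# Cydia packages are .deb files, so `dpkg -S` is used here by default.
OWNER_CHECK="${OWNER_CHECK:-dpkg -S}"

# Prints "KNOWN <path>" for the file names reported in the article and
# "UNOWNED <path>" for any other .dylib that no installed package claims.
# Returns 0 if clean, 1 if anything was reported, 2 if the directory is absent.
audit_substrate_dir() {
    dir="${1:-$SUBSTRATE_DIR}"
    [ -d "$dir" ] || { echo "NODIR $dir"; return 2; }
    found=0
    for f in "$dir"/*; do
        [ -e "$f" ] || continue
        # Lower-case the name: the article writes Unflod.dylib but unflod.plist.
        name=$(basename "$f" | tr '[:upper:]' '[:lower:]')
        case "$name" in
            unflod.dylib|unflod.plist|framework.dylib|framework.plist)
                echo "KNOWN $f"; found=1 ;;
            *.dylib)
                # Skip the ownership test when the checker is not installed.
                if command -v "${OWNER_CHECK%% *}" >/dev/null 2>&1 &&
                   ! $OWNER_CHECK "$f" >/dev/null 2>&1; then
                    echo "UNOWNED $f"; found=1
                fi ;;
        esac
    done
    return "$found"
}

# Run the scan only when asked, e.g.: sh audit.sh --scan
if [ "${1:-}" = "--scan" ]; then audit_substrate_dir; fi
```

An `UNOWNED` line is a prompt to compare that file against the tweaks you know you installed, not proof of infection.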

You can also help Cydia’s creator Saurik figure out the Unflod and framework malware by following the instructions mentioned on this Reddit thread. It isn’t very clear how the malware is installed on a jailbroken device, but it could be because of installing a pirated tweak from a pirate repository.

Have you been affected by either of these pieces of malware? If so, do remember to delete them and change your Apple ID and password. Also make sure you think twice before adding pirate repos.

  • emmanuel

    jajajajajjaaj good strategy for trying us to avoid piracy …… i don’t give a single f&%$k

  • TechPro

    And anyways, BiteYourApple and HackYouriPhone have ALWAYS been reliable. Proud jailbreaker since 2011, and I have been using those two repos every time

  • TittiesAllDay

    Have been having crashes with certain apps, but haven’t found either suspicious file. I’ve heard it may be caused by the latest appsync, but the crashing apps aren’t that useful day to day for me anyways. And appsync is soooo…

  • Zack Tiang

    I installed iFile and looked in /Library and could not find /MobileSubstrate… 0_o?

  • http://mobileboome.weebly.com/ Harry

    This file could be called anything so compare your known installed tweaks and the .dylib file names

  • Triplo

    Same .-.