iOS 7 and 8 Jailbreak Malware Discovered: New Torjan Horse for iPhone

ios malware appbuyer

iOS Trojan horse attacks iPhone and iPad users who have jailbroke their devices. This malware called “AppBuyer” was discovered by Palo Alto Networks. The company provided analyze for the iOS malware and you can learn more about this new Trojan thanks to them.

Let’s take a closer look at this iOS Trojan virus. Firstly, it can affect you only if you are jailbroken. At the moment, iOS 7.1.1 and iOS 7.1.2 can be jailbroken with Pangu, Evasi0n and p0sixpwm tools. iOS 8 betas can also be jailbroken with Pangu. The new iOS 8 which is released on September 17th might be jailbroken or not. Hackers haven’t said anything yet so millions of eye are in hopes to see the new jailbreak this September. Secondly, it is still not clear how exactly the virus can be installed on your iDevice.

About iOS Malware AppBuyer

The new iOS 7 jailbreak malware which might also be the next iOS 8 jailbreak malware if the system can be officially jailbroken by iPhone 6 and 6 Plus owners from all over the world acts like this.

Step 1: Once you got the Trojan it will download .exe file which in its turn can generate UUID for you. You can uninstall pangu jailbreak but it may not help so follow step 2.

Step 2: Once UUID is created the Trojan will download a Cydia Substrate tweak that can access your HTTPS and HTTP sessions. This way the virus can steal your ID and password.

Step 3: The program can then get a fake gzip tool that can login into your account.

Step 4: The attacker can now download apps and games using your account.

Jailbreaking is risky. Everyone knows this but it also gives you tons of new possibilities. You can protect yourself. Just run iFunBox or iFile programs to make sure you don’t have malware files in your directories. If you found any of the files mentioned below, just remove them and stay secured:

  • /System/Library/LaunchDaemons/com.archive.plist
  • /bin/updatesrv
  • /tmp/updatesrv.log
  • /usr/bin/gzip
  • /etc/uuid
  • /Library/MobileSubstrate/DynamicLibraries/aid.dylib

The files mentioned above are Trojan.

Share PanGu Boot News ...Share on Google+0Tweet about this on Twitter0Share on Facebook0Email this to someone