Researchers at Palo Alto Networks report that they recently found and analyzed a new malware family called AppBuyer, which affects jailbroken iOS devices and steals Apple IDs and passwords. The malware connects to a command-and-control (C&C) server to download and execute malicious files, with the goal of stealing the Apple ID and password and using them to purchase applications from the App Store.
At the moment it is not clear how AppBuyer is installed on jailbroken devices, but Palo Alto Networks said that the program is set to perform three actions: first, it downloads an executable file that generates a unique UUID; second, it downloads a Cydia Substrate tweak to steal the user's Apple ID and password; and third, it downloads a utility to log in to the App Store and purchase apps.
For users who have already jailbroken their devices, here is a way to determine whether any of these files exist in the file system. You can use iFile, iExplorer or similar software to check whether any of the following files are on your device. If these files are present, there is a good chance that you are affected.
- /System/Library/LaunchDaemons/com.archive.plist
- /bin/updatesrv
- /tmp/updatesrv.log
- /etc/uuid
- /Library/MobileSubstrate/DynamicLibraries/aid.dylib
- /usr/bin/gzip
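
The same check can be scripted instead of browsing for each file by hand. The following is an added example, not code from Palo Alto Networks or the original article; the function names are hypothetical, and the root argument is assumed to be `/` on the device itself or the directory of an extracted filesystem copy.

```shell
#!/bin/sh
# Added example: report which of the AppBuyer file indicators listed in the
# article exist under a filesystem root. ROOT is an assumption: "/" when run
# on the device (e.g. over SSH), or the directory holding a filesystem copy.
# Usage after sourcing this file: appbuyer_report /

APPBUYER_PATHS='/System/Library/LaunchDaemons/com.archive.plist
/bin/updatesrv
/tmp/updatesrv.log
/etc/uuid
/Library/MobileSubstrate/DynamicLibraries/aid.dylib
/usr/bin/gzip'

# appbuyer_hits ROOT: print each listed path that exists under ROOT.
appbuyer_hits() {
    root=${1%/}    # "/" becomes "", so the paths are used as-is
    printf '%s\n' "$APPBUYER_PATHS" | while IFS= read -r p; do
        # -L also catches dangling symlinks, which -e alone would miss
        if [ -e "$root$p" ] || [ -L "$root$p" ]; then
            printf '%s\n' "$p"
        fi
    done
}

# appbuyer_count ROOT: print how many of the six paths are present.
appbuyer_count() {
    appbuyer_hits "$1" | wc -l | tr -d ' '
}

# appbuyer_report ROOT: readable summary; returns 1 if anything was found.
appbuyer_report() {
    n=$(appbuyer_count "$1")
    if [ "$n" -eq 0 ]; then
        echo "No AppBuyer file indicators found under ${1:-/}"
        return 0
    fi
    echo "$n of 6 AppBuyer file indicators present under ${1:-/}:"
    appbuyer_hits "$1" | sed 's/^/  /'
    return 1
}
```
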
