News Update: ‘AppBuyer’ malware for iOS discovered, affects jailbroken devices - iAppleStuffs

News Update: ‘AppBuyer’ malware for iOS discovered, affects jailbroken devices

Written by
I don’t know what Apple is doing with their privacy. We are hearing so much issue now-a-days about the privacy and security issues regarding Apple icloud security. Today the Palo Alto Networks has found and analyzed a new malware for iOS called “AppBuyer” that affects jailbroken iPhone, iPad and iPod touch devices. The malware is designed to steal a user’s Apple ID username and password and upload the information to the attacker’s server, at which point he can download apps from the App Store from that account.
The malware, classified as Trojan, works in three steps. First, it downloads an executable file to generate a unique UUID, then it downloads a Cydia Substrate tweak to intercept all HTTP/HTTPS sessions to steal the Apple ID credentials, and last it downloads a fake gzip utility that will login into the App Store.

It remains unclear how AppBuyer has been installed onto jailbroken iOS devices, but a handful of possibilities have been outlined. These include installation through a malicious Cydia Substrate jailbreak tweak, such as “Trojan.iOS.AdThief,” hosted in third-party repositories, through other PC malware or through a PC jailbreaking utility.

AppBuyer was originally brought to light by the WeiPhone Technical Group in May, after they remotely helped a user discover why some apps had periodically been installed onto his jailbroken iPhone. What the group discovered is two malicious files that would download, execute and delete other executable files from the web.

It is not the first time that jailbroken devices have been victimized by malware. Earlier this year, Palo Alto Networks also discovered AdThief malware that was attempting to steal ad impressions.

While the team recommends that you refrain from jailbreaking your iPhone, iPad or iPod touch to remain fully secure, it also advises using a tool like iFile or iFunBox to check for any of these files or directories to see if your device is infected by the malware:

/System/Library/LaunchDaemons/com.archive.plist
/bin/updatesrv
/tmp/updatesrv.log
/etc/uuid
/Library/MobileSubstrate/DynamicLibraries/aid.dylib
/usr/bin/gzip

As the source of these malicious files on jailbroken devices has not been determined, simply removing the above might not be enough to ensure that you are secure. If you do come across any of the files, it would probably be wise to restore your device back to factory default settings through iTunes.

Palo Alto Networks has also released URL signatures to stop the download of the malicious files mentioned above, and will soon be releasing DNS and IPS signatures as well.

Stay always updated with the latest news of Apple and jailbreak stuffs. Like us on Facebook, Follow us in twitter, and subscribe us to our YouTube Channel right now.

As you already know that Apple has released the ios 8 GM (Gold Master Edition) to developers. If you want then you can update to ios 8 GM full version Right now by registering your iPhone,iPod,iPad UDID to Apple Developer Account. We are offering instant, cheap, fast udid to registration to Apple Developer Account. So hurry up and register your device udid to Apple Developer Account now (Click here) and update to ios 8 Gm and also next any beta releases of ios 8. Get ios 8 updates before anyone gets it and keep your devices always updates to latest ios release.

Article Categories:
Apple