New ‘AppBuyer’ malware steals Apple IDs and passwords from jailbroken devices
Tuesday, September 16, 2014
It looks like jailbreakers are no longer in a safe place. Earlier today, security research firm Palo Alto Networks reported a new iOS malware that affects jailbroken iOS devices, stealing users' Apple IDs and passwords. The new malware is called "AppBuyer", and it is programmed to steal Apple IDs and passwords for the purpose of purchasing apps from the App Store.
It’s not clear exactly how AppBuyer is being installed, but the group says it could be done a number of ways including through a malicious Cydia Substrate tweak or PC jailbreaking utility. Those infected complain of random apps periodically popping up on their devices.
AppBuyer is a Trojan program, set to execute three actions. First, it downloads an EXE file to generate a unique UUID; second, it downloads a Cydia Substrate tweak to steal the user’s ID and password; and third, it downloads a utility to log in to the App Store and buy apps.
[Palo Alto Networks via r/jailbreak]
What should I do to keep myself safe?
As usual in such critical situations, we recommend that our users stay away from any suspicious repositories, which often carry pirated jailbreak tweaks and unknown packages.
You can also check your device (using iFile, iExplorer or other software) to see if it contains any of the AppBuyer files:
- /System/Library/LaunchDaemons/com.archive.plist
- /bin/updatesrv
- /tmp/updatesrv.log
- /etc/uuid
- /Library/MobileSubstrate/DynamicLibraries/aid.dylib
- /usr/bin/gzip
Once again, we ask you to stay away from any unknown repos and never install pirated tweaks on your device.
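The file check described above, as an added example (not code from the original post or from Palo Alto Networks): a POSIX shell function that tests each listed path under a filesystem root. The function name `appbuyer_scan` and the root argument are assumptions of this example; the paths are the ones listed in the post.

```shell
#!/bin/sh
# Added example: report which of the AppBuyer paths listed in the post exist.
# The root argument is an assumption of this example: "/" checks the live
# device, any other directory checks a copied or mounted filesystem image.

APPBUYER_PATHS='/System/Library/LaunchDaemons/com.archive.plist
/bin/updatesrv
/tmp/updatesrv.log
/etc/uuid
/Library/MobileSubstrate/DynamicLibraries/aid.dylib
/usr/bin/gzip'

# Print one "FOUND <path>" line per listed path present under the root.
# Returns 0 when nothing is found, 1 when at least one path exists.
appbuyer_scan() {
    root=${1:-}
    root=${root%/}       # strip a trailing slash so "/" becomes ""
    hits=0
    old_ifs=$IFS
    IFS='
'
    for p in $APPBUYER_PATHS; do
        # -e follows symlinks; -L also catches a dangling symlink at that path
        if [ -e "$root$p" ] || [ -L "$root$p" ]; then
            echo "FOUND $p"
            hits=$((hits + 1))
        fi
    done
    IFS=$old_ifs
    [ "$hits" -eq 0 ]
}

# Scan only when a root is given on the command line, e.g.: sh appbuyer_check.sh /
if [ "$#" -gt 0 ]; then
    appbuyer_scan "$1"
fi
```

A match on a path is a reason to inspect that file, especially for a generic name such as gzip; it is not a verdict on its own.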
This entry was posted on October 4, 2009 at 12:14 pm, and is filed under Apple, Hacking, Jailbreak.