Beware Jailbreakers! Lock Saver Free tweak installs a trojan on your device

The tweak in question, Lock Saver Free, is a tweak that we featured in our new tweaks of the week video last night. Lock Saver Free was published by developer dmarinov, and is unfortunately still available for download on ModMyi as of this post.

The trojan hooks into Google’s AdMob banners in order to steal the revenues generated off devices that contain the tweak. Upon installing the package, it copies the trojan files to /Library/MobileSubstrate/DynamicLibraries/ directory. It also seems to collect UDIDs and send them to a remove server.

If you installed Lock Saver Free, you should immediately uninstall the tweak and navigate to /Library/MobileSubstrate/DynamicLibraries/ and delete the two offending files: Service.dylib and Service.plist. Even if you uninstall the tweak, it will still leave those two files behind, so you’ll have to manually delete them.

As developer Allan Kerr explains, because the tweak downloaded Service.dylib at runtime it made /Library/MobileSubstrate/DynamicLibraries/ writeable to all users. The /Library/MobileSubstrate/DynamicLibraries/ directory should have the permissions 755, but due to this tweak, the permissions are changed to 777, which means writable for all users and groups.

The permissions for /Library/MobileSubstrate/DynamicLibraries/ should be changed back to 755 to prevent processes from adding files to this directory.
At any rate, if you happened to download this package, you’ll need to take the steps outlined above to remove the trojan.

What do you think? We’ll have more information about this issue as it becomes available.


blog comments powered by Disqus
Octofinder Blog Catalog