How to stop the UnFlod Baby Panda malware infecting your iPhone

Baby PandaHere is today's question:

    How can I stop the UnFlod Baby Panda malware infecting my iPhone? I've heard that the malicious app can steal the Apple ID from my iPhone, so I would like to protect it.

I love questions like this, because there's a really easy answer:

    Don't jailbreak your iPhone in the first place.

German security researchers at SektionEins have published what it calls a "quick and dirty analysis" of the new iOS malware, which can steal infected devices' Apple ID and corresponding password, sending them in plaintext to the remote hackers.

The threat is thought to have existed since mid-February, but only came to general attention after a Reddit thread sprung up in the last few days.

It's important to note that UnFlod Baby Panda can only infect jailbroken iPhones, and has not been seen distributed in the official iOS App Store. You can only install apps from unofficial app stores like Cydia if you jailbreak your iPhone or iPad.

That's one of the reasons why the Android platform is plagued with new malware variants every day, whereas threats for iOS are so rare.

Call them control-freaks but there's no denying that Apple's walled garden and the steps it has taken to make jailbreaking tricky have helped keep malware away from many millions of iPhone and iPad users.

I don't have a problem with people who do want to jailbreak their iPhones and iPads. After all, they've spent a lot of money buying an expensive gadget - they should be able to do what they want with it.

But there's no doubt that you are exposing yourself to greater risks if you go down the jailbreaking route.

Stefan Esser, the security researcher who wrote the blog post for SektionEins, wrote on Twitter that he expected to see more malware targeting jailbroken iPhones and iPads in future.

Instructions have been posted online for anyone who wants to remove the malware from their jailbroken iPhone by hand.

Which just leaves one more burning question. Why is the malware called "Unflod Baby Panda"?

The Unflod bit is simple - the malware incorporates a malicious file called Unflod.dylib (presumably a deliberate typo from "Unfold").

And the "Baby Panda"? Well, that appears to have emerged from a Twitter conversation between Esser and fellow researcher Dino Dai Zovi about how to get some PR attention for the threat.

Clearly, security researchers have noticed the attention that Heartbleed received with a sexy name and a media-friendly graphic.

Of course, Apple doesn't allow proper anti-virus software into the iOS App Store - which means that owners of non-jailbroken iPhones and iPads are stuffed when it comes to anti-virus protection. However, the good news is that Apple's control-freakery has also made malware on such devices as rare as hen's teeth.

So, if you want to scan your iPhone or iPad, you'll need to install software that lets you access the files on iDevice remotely so you can scan them with an anti-virus on your desktop or laptop computer.

By the way, if you want to see a list of what some anti-virus products can detect the malware as (should it pass through a desktop/laptop computer at least), check out VirusTotal.

None of them are calling the malware "Unflod Baby Panda" (Sorry Stefan).

Tags: , , , , , , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, , , , , , ,

No comments yet.

Leave a Reply