Malware Unflod.dylib steals Apple ID details by targeting jailbreak users

malware iOS img

There are so many good reasons to jailbreak your iOS device that they easily outweigh the negatives aspects, however we cannot deny the fact that jailbreaking your device can expose it to unwanted consequences. Thankfully this is not very common and if you stay away from the bad repositories and packages you can stay safe even while your device is jailbroken. These days a new malware has been discovered, which is essentially a file named Unflod.dylib that targets the jailbreak users.

The Unflod.dylib sits inside the /Library/MobileSubstrate/DynamicLibraries/ directory and hacks the SSL connection between Apple’s authentication server and the device stealing the username and password of the Apple ID entered. It then sends this valuable information to, which appears to be a Chinese website. 

Reddit user who studied this malware writes:

“Unflod.dylib seems overrides the function “SSLWrite” and captures appleId and password and their data from the raw plist data in SSL connections to Apple’s authentication server (/WebObjects/MZFinance.woa/wa/authenticate) and sends them to (a Chinese site it seems, from the error message it displays, not bashing china or anything, just based off the text the website returns).”

The origin of this suspicious file is still unknown however it is believed that it may originate from some pirate repository, although no proof of this claim has been found yet. Also, according to Reddit iPhone 5s, iPad Air and devices with 64-bit architecture are not affected.

How to check if you have Unflod.dylib on your iPhone, iPad or iPod touch and remove it

Checking the presence of this malware file on your iOS device is easy. First you need to download iFile app from Cydia, which is available for $3.99. But don’t worry as you can still download it for free and use it to find and delete Unflod.dylib even without purchasing it.

After installing iFile navigate to /Library/MobileSubstrate/DynamicLibraries/ directory. Make sure you go to the Library folder from the root directory. Just locate the Unflod.dylib file and delete it by swiping on it.

Un-Unflod tool iOS

Alternatively, you can use the handy tool by CoolStar called Un-Unflod for Windows to get rid of this malware. Please note that you will need to install ‘OpenSSH’ on your iPhone, iPad or iPod touch (available through Cydia) in order for this tool to work.

Unflod.dylib is a major malware that can make you lose your Apple ID forever. If you find this file on your jailbroken device then immediately delete it and change the password of your Apple ID as soon as possible.

We will keep you updated as soon as more details about this malware are revealed.

Disclosure: iOSHacker may receive a commission if you purchase products through our affiliate links. For more visit our privacy policy page.
Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Previous Article

Useful new tweaks: BatteryFullAlert, GroupQuiet, LockShare and Slide2Lock

Next Article

iOS 7.2 and iOS 8.0 start appearing in web logs