Sophos finds new root password, instructs users on how to protect themselves

Nov 24, 2009 10:05 GMT

In a recent blog post, Sophos’ Paul Ducklin sounds the alarm over a new piece of iPhone malware that apparently uploads stolen data to a Lithuanian server and assigns each device a unique ID as a reference for the attackers. Although the intent of the worm is as yet unclear, it apparently searches for mTAN authentication messages, which contain one-time passwords for bank logins.

“I was on my way back from Manila whilst my chums were blogging, so I can only add a johnny-come-lately post to what they've already said, but at least I have some useful news: the new root password on infected iPhones,” reads Ducklin’s introduction. “Unlike Ikee, which maliciously turned off SSH after it had broken in [...] the Duh virus changes the root password but leaves SSH running. So you are close to being able to log in and remove the virus, but no cigar,” he explains.

“The password is changed by rewriting its hashed value in /etc/master.passwd, not by running the passwd command with the new password in plaintext,” Ducklin continues. “This shields the value of the new password, so that the cybercrooks know what it is, but you don't.” The security expert then reveals that, after some digging, the new password has been uncovered. Because the worm only infects those who escaped Ikee infection (no SSH) yet didn't change their root ‘alpine’ password, jailbroken iPhone users are advised to change their root password.

Ducklin also notes that the worm changes any password which is currently 'alpine', so some users may need to adjust their accounts as well. According to other sources covering the topic, owners of jailbroken iPhones that got infected may notice extremely short battery life when connected to Wi-Fi networks.
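One way to spot the hash rewrite described above, and to find accounts still on the factory password, is to compare /etc/master.passwd against a known-good copy. This is an added example, not code from Sophos or Softpedia; it assumes such a baseline copy exists, and the account lines and hash strings below are constructed placeholders.

```python
# Audit a BSD-style master.passwd against a known-good baseline copy.
# Each record has 10 colon-separated fields; field 2 is the password hash.
FIELDS = ("name", "hash", "uid", "gid", "class", "change", "expire",
          "gecos", "home", "shell")

def parse_master_passwd(text):
    """Return {account: record}; comments and malformed lines are skipped."""
    accounts = {}
    for line in text.splitlines():
        parts = line.strip().split(":")
        if line.lstrip().startswith("#") or len(parts) != len(FIELDS):
            continue
        accounts[parts[0]] = dict(zip(FIELDS, parts))
    return accounts

def audit(baseline_text, current_text):
    """List (account, finding) pairs that need the owner's attention."""
    base = parse_master_passwd(baseline_text)
    findings = []
    for name, rec in sorted(parse_master_passwd(current_text).items()):
        old = base.get(name)
        if old is None:
            findings.append((name, "not-in-baseline"))
        elif rec["hash"] != old["hash"]:
            # Rewritten in the file: by the owner, or by something else.
            findings.append((name, "hash-changed"))
        elif rec["hash"] == "":
            findings.append((name, "empty-password"))
        elif not rec["hash"].startswith(("*", "!")):
            # Login-capable account still on the shipped password.
            findings.append((name, "still-default"))
    return findings

# Constructed sample data: placeholder hashes, not real crypt output.
BASELINE = """\
# factory copy (constructed)
root:FACTORYHASH00:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:FACTORYHASH00:501:501::0:0:Mobile User:/var/mobile:/bin/sh
daemon:*:1:1::0:0:System Services:/var/root:/usr/bin/false
"""
CURRENT = """\
root:REWRITTENHSH1:0:0::0:0:System Administrator:/var/root:/bin/sh
mobile:FACTORYHASH00:501:501::0:0:Mobile User:/var/mobile:/bin/sh
daemon:*:1:1::0:0:System Services:/var/root:/usr/bin/false
"""

if __name__ == "__main__":
    for account, finding in audit(BASELINE, CURRENT):
        print(f"{account}: {finding}")
```

A "hash-changed" finding on an account whose password the owner never changed is the condition the article describes; "still-default" marks accounts that still need a new password.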

Softpedia doesn't condone jailbreaking / unlocking the iPhone / iPod touch or any other device. This article has a purely informational purpose and doesn't, in any way, suggest that you should hack your Apple device. Using hacks may render your device unusable, or may reduce the quality of your experience using the respective device. If you choose to download and install jailbreak tools, you will do so at your own risk. Unlocking / jailbreaking your iPhone / iPod touch may violate your warranty or the EULA with Apple and / or your cellular-service provider.