Research firm Palo Alto Networks has discovered a malicious application, AppBuyer, that targets iPhone and iPad users. The Trojan steals Apple ID accounts and passwords from jailbroken mobile devices.
Neither the name of AppBuyer's developer nor the number of infected devices has been disclosed. According to the researchers, the virus spreads through the Cydia Substrate extension, then downloads an executable file, generates a unique identifier (UUID), and downloads a special tweak to steal the Apple ID and password, as well as a utility that signs in to the App Store and purchases applications.
After examining the code and the debug information that the malware leaves behind, the experts found that the program runs in the background and that its presence is difficult to detect. AppBuyer leaves files in five places:
- /System/Library/LaunchDaemons/com.archive.plist
- /bin/updatesrv
- /tmp/updatesrv.log
- /etc/uuid
- /Library/MobileSubstrate/DynamicLibraries/aid.dylib
- /usr/bin/gzip
Palo Alto Networks has not yet figured out how the Trojan gets onto users' mobile devices. Deleting the program's files stops AppBuyer from working.
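A check for the file locations listed above, as an added example that is not code from Palo Alto Networks or from the original article. The `ROOT` argument and the function names are assumptions of this example, as is treating `/usr/bin/gzip` on its own as inconclusive because a legitimate gzip utility could occupy that path.

```shell
#!/bin/sh
# Added example: look for the AppBuyer file locations from the article under
# a filesystem root. ROOT is "/" on the device itself, or the mount point of
# a filesystem copy under examination (assumption of this example).

APPBUYER_PATHS='/System/Library/LaunchDaemons/com.archive.plist
/bin/updatesrv
/tmp/updatesrv.log
/etc/uuid
/Library/MobileSubstrate/DynamicLibraries/aid.dylib
/usr/bin/gzip'

# Print every listed path that exists under ROOT, one per line.
appbuyer_hits() {
    root=${1%/}    # strip a trailing slash so "/" becomes an empty prefix
    printf '%s\n' "$APPBUYER_PATHS" | while IFS= read -r p; do
        if [ -e "$root$p" ] || [ -L "$root$p" ]; then
            printf '%s\n' "$p"
        fi
    done
}

# Verdict: "clean" when nothing is found, "inconclusive" when the only hit is
# /usr/bin/gzip (assumption: that path alone proves nothing), else "suspect".
appbuyer_verdict() {
    hits=$(appbuyer_hits "$1")
    if [ -z "$hits" ]; then
        echo clean
    elif [ "$hits" = "/usr/bin/gzip" ]; then
        echo inconclusive
    else
        echo suspect
    fi
}

# Constructed sample tree (not real device data) to exercise the check.
demo=$(mktemp -d)
mkdir -p "$demo/bin" "$demo/etc" "$demo/Library/MobileSubstrate/DynamicLibraries"
: > "$demo/bin/updatesrv"
: > "$demo/etc/uuid"
: > "$demo/Library/MobileSubstrate/DynamicLibraries/aid.dylib"
appbuyer_hits "$demo"
echo "verdict: $(appbuyer_verdict "$demo")"
rm -rf "$demo"
```
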
Security experts recommend that all users of jailbroken iPhones and iPads use only trusted sources, since it is likely that the infection occurs when connecting to pirate Cydia repositories.
AppBuyer is not the first virus for the iPhone and iPad to become known recently. The AdThief Trojan, discovered in August, has infected more than 75,000 jailbroken iOS devices. This malware is distributed with the Cydia Substrate extension and then alters the advertisements that appear in free applications. The ad money that would be paid to application developers is redirected to the hackers' account.