

Trojan-Spy:iPhoneOS/SSLCredsThief.A


Aliases:


Unflod Baby Panda

Malware
Trojan-Spy
iPhoneOS

Summary

Trojan:iPhoneOS/SSLCredsThief.A listens to the outgoing SSL connections from a jailbroken iPhone in order to steal the device's Apple ID.



Disinfection & Removal

Allow F-Secure Anti-Virus to disinfect the relevant files.

For more general information on disinfection, please see Removal Instructions.



Technical Details

Known in the media as 'Unflod Baby Panda', Trojan:iPhoneOS/SSLCredsThief.A is a trojan that was first reported by Reddit users and appears to target users of jailbroken iPhones. The source of the trojan is currently unknown, though analysis of the code appears to point to Chinese origins.

The malware itself is a library file named Unflod.dylib that is signed with an Apple-issued developer's signature. Once installed and running, the library hooks all running processes and listens to outgoing SSL connections in order to find and steal the device's Apple ID; this information, as well as the corresponding password, is forwarded to a remote server. For more information, see:

SSLCredsThief.A only works on jailbroken iOS devices; unmodified devices are not affected.






