How to Check the iPhone for Unflod Baby Panda Malware

Malware targeted at iPhones doesn't come around too often, however this doesn't mean it's nonexistent. The latest threat, dubbed "Unflod Baby Panda" targets jailbroken iOS devices, collecting Apple ID and password information and sending it to servers in China. The malware only affects jailbroken devices, and is thought to have originated on unofficial Chinese repositories distributing pirated apps.

check for Unflod Baby Panda

First off, if your iPhone is not jailbroken, go play Hearthstone and forget about Unflod forever. Jailbreakers will want to follow the steps below to check for infection. If the device is not affected by Unflod, users can keep it that way by avoiding pirated apps and untrusted repos on Cydia. Should Unflod Baby Panda exist on your iOS device, continue reading to clean the malware and secure your Apple ID.

To check for Unflod Baby Panda using iFile:

1. If you have installed iFile from Cydia open the app and navigate to this directory:

/Library/MobileSubstrate/DynamicLibraries/.

2. Scroll down, checking for the files Unflod.dylib and Unflod.plist. In the screenshot above, these files would be listed in alphabetical order between TinyGridPlus.plist and WinterBoard.dylib.

3. If the Unflod files exist, your device is affected. Using iFile, swipe left on each of the Unflod files in the list and tap the Delete button. This will remove the malware files from your device.

4. Once Unflod is removed from your system, reset your Apple ID password for security. Review your account to make sure no suspicious or unauthorized activity has occurred. Switching on two-step verification can help provide extra peace of mind.

To check for Unflod Baby Panda using SSH:

1. Connect to the iPhone using SSH on a computer. For help configuring the iPhone for SSH or connecting from a computer click here.

2. Enter the following command at the prompt:

ls /Library/MobileSubstrate/DynamicLibraries/.

3. Check the list of files for Unflod.dylib and Unflod.plist. If these exist your device is affected. To remove the malware files from your device enter this command:

rm /Library/MobileSubstrate/DynamicLibraries/Unflod.*

4. Once Unflod is removed from your system, reset your Apple ID password for security. Review your account to make sure no suspicious or unauthorized activity has occurred. Switching on two-step verification can help provide extra peace of mind.

Unflod Baby Panda is still under investigation and Cydia creator Saurik is asking those affected to follow these additional steps before cleaning their devices, to help track down the malware. Check back here and on Cydia for updates, as developers are likely to release more information and software to protect against Unflod on jailbroken devices.