You may have heard, by now, of a report claiming that 220,000 iCloud accounts in China were breached on jailbroken devices. The breach came via malware called KeyRaider, which is installed with a tweak from Cydia. Why is this bad? Well, if someone has access to your iCloud, they have access to your iTunes information, your contacts, your photos, and possibly anything else you use with your iCloud account.
Luckily, there is a new tweak in Cydia to help you find out if you have been affected by KeyRaider. This new tweak, called DylibSearch, will search through all your dylib bundles and identify any strings known to be associated with KeyRaider.
As you can see from the screenshot above, my list turned out to be fine, but if you do have an infected file, it would presumably be marked with a red “X”. Then you can uninstall the guilty tweak in Cydia, or use iFile to go to /Library/MobileSubstrate/DynamicLibraries and manually remove the dylib file.
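The kind of check described above, searching every dylib under /Library/MobileSubstrate/DynamicLibraries for known strings, can be written as follows. This is an added example, not DylibSearch's own code: the function names are hypothetical, the indicator values are placeholders because the article does not list the KeyRaider strings, and it assumes Python is available on the device or that you run it against a copy of the directory.

```python
import os
import sys

# Directory named in the article; MobileSubstrate tweaks keep their dylibs here.
DYLIB_DIR = "/Library/MobileSubstrate/DynamicLibraries"

# Placeholders (assumption): replace with the strings from a published
# KeyRaider analysis you trust. The article itself does not list them.
INDICATORS = [b"EXAMPLE_INDICATOR_1", b"EXAMPLE_INDICATOR_2"]


def scan_file(path, indicators, chunk_size=1 << 20):
    """Return the sorted indicators (bytes) found anywhere in the file."""
    if not indicators:
        return []
    overlap = max(len(i) for i in indicators) - 1
    found, tail = set(), b""
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(chunk_size)
            if not chunk:
                break
            window = tail + chunk
            found.update(i for i in indicators if i in window)
            # Carry the last bytes over so a string split across two
            # reads is still matched.
            tail = window[-overlap:] if overlap > 0 else b""
    return sorted(found)


def scan_directory(root, indicators):
    """Map each .dylib under root to its hits; None means unreadable."""
    results = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(".dylib"):
                continue
            path = os.path.join(dirpath, name)
            try:
                results[path] = scan_file(path, indicators)
            except OSError:
                results[path] = None
    return results


if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else DYLIB_DIR
    for path, hits in sorted(scan_directory(root, INDICATORS).items()):
        if hits is None:
            print("??", path, "(could not be read)")
        elif hits:
            print("X ", path, b", ".join(hits).decode("ascii", "replace"))
        else:
            print("OK", path)
```

A file marked `X` is one to remove as described in the article; a `??` line means the file could not be opened and should be checked by hand.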
How To Install DylibSearch
This tweak is not available in the regular repositories, so you’ll have to add a new one. Simply open Cydia and tap “Sources” on the bottom of the screen. Then tap the “+” icon at the top. You should see a field pop up to input the new repo. Add this repo to the field:
http://wolfposd.github.io
Once that has fully installed, tap the new repo from your sources list, and then tap the “Apps” folder. You should see a new app called “DylibSearch”. Just tap install, like you would anything else from Cydia.
Once the installation is finished, you will see a new app on your home screen.
Tap to open it, like any other app. It will automatically search for the unwanted files. There are no other configurations to set up. If the app does find an infected file, you’ll want to uninstall the tweak immediately from Cydia, or use iFile to go to /Library/MobileSubstrate/DynamicLibraries and manually remove the file. You will also want to change your iCloud password, just in case this information was obtained from your device.
Hopefully (and most likely) you are all safe from this attack, as it mainly affected iCloud accounts in China. At least there is a way to be sure. Let us know your findings in the comments below.