The iPhone jailbreak community is facing a malware threat that steals user's Apple IDs and passwords. Since the threat targets only iPhones and iPads that have been hacked to allow the installation of unauthorized apps, most users are safe.
Unflod malware steals Apple IDs from jailbroken iPhones and iPads
The malware threat, dubbed Unflod, grabs Apple ID information before it's encrypted for transfer to Apple's servers, and then transmitted to hackers. So far, security researchers have been able to identify the malware, but haven't figured out exactly where it came from.
"The malicious file can only affect jailbroken devices, and SophosLabs hasn't had any reports of 'in the wild' infections yet," said Paul Ducklin from the security research company Sophos.
It isn't a big surprise that Unflod targets jailbroken devices, meaning iPhones and iPads hacked to let users install apps that haven't been vetted by Apple's iTunes App Store. Since code can be installed that Apple hasn't approved, it's much easier to trick users into loading apps with malicious payloads.
The easiest way to avoid Unflod is by not jailbreaking your iOS device. If you already have, and you're concerned about the threat Unflod poses, you need to restore your iPhone or iPad to its unjailbroken state.