Jailbroken iPhones are being hit, mainly in China, with a new iOS trojan called TinyV, according to several industry experts.
Security researcher Graham Cluley blogged on Intego that Chinese owners of jailbroken iPhones are unknowingly downloading TinyV into their phones through third-party apps. Palo Alto Networks reported some of the apps involved are Watermelon Player, Youku and iQiYi. In each case the app was advertised as a free way to play a game or watch pirated videos for free.
Once on board the phone, TinyV goes to work.
“Using a complicated combination of APIs, PLIST tricks and code hooks, the malware downloads further code from the Internet — installing unwanted applications onto your iPhone or iPad. Currently, victims are having the XZ Helper (????) jailbreak tweak surreptitiously installed onto their iDevice by the malware,” Cluley wrote.
Cluley and Palo Alto said not using a jailbroken iPhone and third-party apps are the best methods to avoid TinyV.