“This malware appears to have Chinese origin and comes as a library called Unflod.dylib that hooks into all running processes of jailbroken devices and listens for outgoing SSL connections. From these connections it tries to steal the device’s Apple-ID and corresponding password and sends them in plaintext to servers with IP addresses in control of US hosting companies for apparently Chinese customers. Users of reddit have made this malware available to the public, which allowed SektionEins to perform an analysis of this threat. However so far only the malware itself has been found and until now it is unknown how it ends up on jailbroken phones. Rumours that Chinese piracy repositories are involved are so far unverified” states a post published by SektionEins security firm which analyzed the malicious agent.

$ codesign -vvvv -d Unflod.dylib
Executable=./Unflod.dylib
Identifier=com.your.framework
Format=Mach-O thin (armv7)
CodeDirectory v=20100 size=227 flags=0x0(none) hashes=3+5 location=embedded
Hash type=sha1 size=20
CDHash=da792624675e82b3460b426f869fbe718abea3f9
Signature size=4322
Authority=iPhone Developer: WANG XIN (P5KFURM8M8)
Authority=Apple Worldwide Developer Relations Certification Authority
Authority=Apple Root CA
Signed Time=14 Feb 2014 04:32:58
Info.plist=not bound
Sealed Resources=none
Internal requirements count=2 size=484

The the signature date is the 14th of February of this year, probably the Unflod Baby Panda is being around without being discovered in the last months.

The researchers noted that it is possible to manually remove Unflod Baby Panda

• Download the iFile app for free from Cydia and by using iFile, check whether your device is affected by the malicious software or not.
• Navigate to /Library/MobileSubstrate/DynamicLibraries/
• If you spot any files named Unflod.dylib or Unflod.plist and/or framework.dylib and framework.plist then you have been affected.
• Use iFile to delete Unflod.dylib and Unflod.plist and/or framework.dylib and framework.plist
• Reboot your device and then change your Apple ID password and security questions immediately and just to be on safe side, use two-step verification method and avoid installing apps from untrusted sources.