Cydia is hardly the most secure platform out there, considering that it’s mostly composed of third-party content. Just recently, a new Cydia tweak called Lock Saver Free has made its way into Cydia and is available via ModMyi’s repo. While it may look like nothing out of ordinary, upon closer inspection, it is discovered that the tweak installs a trojan on your device that remains even when Lock Saver Free is uninstalled later.
The trojan attaches into the Google’s AdMob banners that will syphon the revenues generated from devices that have installed the tweak. Upon installation of the package, the trojan files are copied to the /Library/MobileSubstrate/DynamicLibraries/ directory. Reportedly, it also collects UDIDs and uploaded to a remote server.
As of this writing, Lock Saver Free has been removed from ModMyi. However, it’s safe to say that some of you may have installed this malicious tweak. If you did, then you should uninstall it immediately. Even after uninstalling, the tweak will leave behind two suspicious files: ‘Service.dylib’ and ‘Service.plist’. If you have iFile you can manually remove these files.
According to iOS developer Alan Kerr, the tweak has also made the directory /Library/MobileSubstrate/DynamicLibraries/ writable for all users and groups. This leaves a serious vulnerability so we recommend that you change the permission of the directory from 777 to 755. This prevents unauthorized files from being installed there.
— Allan Kerr (@Dev_AllanKerr) July 25, 2015
Contact Us for News Tips, Corrections and Feedback
The developer of the Lock Saver Free tweak is Dimitar Marinov/dmarinov. It would be wise to steer clear of installing tweaks from this dev. In fact, you should refrain from installing tweaks from unknown developers all in all. Make sure that you search the web first in case something like this has happened. Stick with developers that have a good track record. [via iPhoneHacks]