iKee Worm, iPhone/Privacy.A and now iBotnet.A yet another malware for iPhone is identified. The first one was iKee, such malware changed wallpaper on iPhones. The second one iPhone/Privacy.A aims to harvest personal data from iPhones. This new malware, that Intego calls iBotnet.A, is by far the most sophisticated iPhone malware yet. It is not only a worm, capable of spreading across a network, but also hijacks iPhones or iPod touches for use in a botnet. A botnet is a series of infected nodes that work together to perform a nefarious task such as overloading a website with requests, essentially shutting it down to other users (denial of service) or sending unsolicited emails (spam).
Cases of spread of these worms are becoming more frequent and are not limited to the Netherlands but also in Portugal, Hungary and Australia.iBotnet.A is the name that was given by Intego because the worm is able to enter iPhone, change the standard SSH password (alpine) and ensures total control, since you may no longer be changed.This worm connects to a server unfortunate iPhone in Lithuania which sends SMS and other data stolen also always via this link, can download additional malicious software that turns the device into a botnet that can be controlled from a far .The pirates will then use it to send spam or spread malware to steal passwords for all secure sites to which the user accesses (such as banks, PayPal, etc.).
We need to clarify that all these worms/hacks/malware can infect only those jailbroken iPhone whose SSH was turned on with the default root:alpine configuration. That doesn’t means all jailbroken iPhones are in the range of attack. A little workaround to change the default password can make safe your iPhone as normal. We published a guide to change your default password of SSH, if you missed then check Secure Your Jailbroken iPhone and Change your Default Password.