DylibSearch a new jailbreak app that helps you quickly check whether if you have got any unknown malicious tweaks, like KeyRaider, on your device. DylibSearch scans for the contents of the .dylib files contained in the filesystem’s MobileSubstrate directory of your iPhone.
It does so by checking for strings contained in malicious files, DylibSearch will quickly tell you if your iPhone is infected, or its clean. This jailbreak tweak is open source it is available through a third party repo Mordreds Beta Repository.
The Repo URL: http://wolfposd.github.io/
After adding the repo, perform a look for DylibSearch, or just open the repo folder to find the package directly. After that install DylibSearch package, Post installation you’ll find a new app icon on your iPhone Home screen.
Launch the DylibSearch app, and you’ll see a screen that lists all of the .dylib files found in /Library/MobileSubstrate/DynamicLibraries. Files that are clean will have a green colored tick mark next to the name,
while infected files will have a red ‘x’ icon.
DylibSearch will assist you to find malicious files, However it won’t actually clean them. To do so, you’ll ought to use app like iFile to navigate to the DynamicLibraries folder, and remove the files by yourself.
The recent KeyRaider attack is of type that DylibSearch can help you finding out. You can find from the open source project on GitHub, DylibSearch looks for the subsequent strings in your DynamicLibraries directory:
- wushidou
- gotoip4
- bamu
- getHanzi
These are strings that are better-known to be contained within the malicious Cydia Substrate tweaks. Obviously, there are alternate ways through which you can find malicious jailbreak tweaks, like using the command line utility grep search in the terminal, however it doesn’t get any easier & better way than this tweak.
Although the possibility that you’ve been infected is slim none if you reside outside of China and that you’ve never download shady jailbreak tweaks, this is often a great tool for quickly finding-out a possible infection, and it’ll most-likely grow as it’s fleshed out with some additional search strings.
