The popular Lock Saver Free jailbreak tweak from ModMyi repo, which is created by developer Dimitar Marinov (aka dmarinov), has reportedly been infected with a resident Trojan that stays behind even after removing the offending tweak from the device.
The Lock Saver tweak comes in handy for disabling power-hungry features, whenever your iOS device is idle or enters lockscreen mode.
According to iPhone Hacks, the Trojan locks on to Google's AdMob banners to steal revenues generated off devices that contain this tweak.
It is reported that the affected package copies the Trojan files during installation to /Library/MobileSubstrate/DynamicLibraries/ directory, while also collecting sensitive device information such as UDIDs and sends them to a remote server.
Those who have unknowingly installed this tweak are advised to uninstall the same via Cydia and also remove the two offending malicious files, Service.dylib and Service.plist, from the directory path: /Library/MobileSubstrate/DynamicLibraries/ using iFile.
It is ascertained that the Lock Saver tweak allows Service.dylib to install itself at runtime or during installation by making the /Library/MobileSubstrate/DynamicLibraries/ directory writable, as it changes the permission to 777 in order to enable write access for all users and groups logged into the device.
Consequently, affected users are advised by developer Allan Kerr to change the permission of the directory back to 755 via iFile to prevent unauthorised and malicious files from being installed into the Mobile Substrate's Dynamic Libraries directory.
How to remove the Trojan files and traces of Lock Saver Free app completely
Here are three simple steps to completely get rid of the tweak and the Trojan files, if you have installed Lock Saver Free on your iOS device:
- Uninstall Lock Saver Free
- Remove the package from the Sources list in Cydia
- Manually delete the two files Service.dylib and Service.plist from /Library/MobileSubstrate/DynamicLibraries/
- Run a complete anti-virus and anti-malware scan to remove any final traces of infection from your affected device
[Source: iPhone Hacks]