How to check if your jailbroken iOS device is infected with WireLurker malware


Yesterday, a research paper brought to light a new malware called ‘WireLurker’ that is infecting iOS devices and Macs in China. The malware can infect both jailbroken and non-jailbroken devices when connected to an infected Mac through USB.

If you’re jailbroken, you can easily check if you’ve been infected with WireLurker by following these steps:

  • Open iFile or SSH into your iOS device.
  • Navigate to /Library/MobileSubstrate/DynamicLibraries
  • If you see a file called sfbase.dylib then you likely are infected. If not, then you’re safe.

Apple issued a statement on WireLurker this morning saying that it is blocking apps that are identified to be the source of this malware, and added that users should only install Mac and iOS apps from trusted sources.

While the intentions of this malware are not yet known, it could siphon off your personal and private data to third-party servers for malicious use.

If you haven’t jailbroken your iOS device on iOS 8 – iOS 8.1 yet, then check out our guide for the step-by-step instructions.

How to Jailbreak iOS 8 – iOS 8.1 on Windows

How to Jailbreak iOS 8 – iOS 8.1 on Mac using a virtual machine

[via reddit]

Like this post? Share it!

  • TallPandaMan

    This is definitively ONLY in China, correct?

  • NickAnt

    just checked ….everything seems fine
    love you jailbreak , love you pangu team

  • Jan

    I’d like to check but iFile doesn’t work for iOS 8 yet, yep just managed to download the last version, thanks guys

    • Wizkid

      Yes it does

    • Retribution1888

      Yes it does, I have it on mine version number works fine and been messing in my root

  • Kevin McCarthy

    Cheers, I’m clear…

  • bestman50

    Checked both my iPad mini and iphone6 both ok, so if you get infected does any one know how to fix it? And yes ifile is working on both my devices. Can you just do a recovery?

  • Police

    Im safe 😉

  • Gorkon

    Open a terminal and

    cd /
    cd Library/MobileSubstrate/DynamicLibraries
    ls s*

  • Sean

    I don’t see “MobileSubstrate/DynamicLibraries” in the /Library/ does that mean my I’m safe?

    • Jon

      I don’t see it either.

    • Mohamed

      go back to (/) then go to Library/MobileSubstrate/DynamicLibraries

  • Jru

    Tried installing ifile and mobileterminal but they’re not showing on homescreen.

  • Drew

    Yes! I’m clean!

  • Tune Noureddin

    my device is infected i think
    how am ,i suppose to fix this
    i just deleted that folder .. but i don’t think that would be enough
    any ideas ?

  • Abel Goddard

    Not clear: is it only if I connect to an infected Mac? Since I never connect to a Mac, I feel safe, but the article isn’t definitively saying ONLY Mac.

  • gaucho

    thank you

  • David Hunt

    I still haven’t seen confirmation yet that that Pangu is totally safe and doesn’t install malware! I’ve restored my phone until I can be sure. I just want to play it safe.

  • catharina

    Plese helpl!!!! Ive just jailbroken using pangu and came with cydia, i opened and lots of apps were gone like; safari, contacts, sttings, itunes, app store, music, clock the only app that came with the iphone that wasnt deleted was weather… PLS HELP, I CAN NOT RESTORE MY PHONE CUZ I DO NOT HAVE SETTINGS