Beware Jailbreakers! Lock Saver Free tweak installs a trojan on your device

Lock-Saver-Free

Just recently, a jailbreak tweak surfaced on Cydia called Lock Saver Free available via ModMyi’s repo that turns off the power consuming features once your iOS device is locked. Surprisingly, the package has been found to contain a trojan that will still remain behind after you remove the tweak from your device.

The trojan hooks into Google’s AdMob banners in order to steal the revenues generated off devices that contain the tweak. Upon installing the package, it copies the trojan files to /Library/MobileSubstrate/DynamicLibraries/ directory. It also seems to collect UDIDs and send them to a remove server.

Fortunately, the package has now been removed from ModMyi but if you have already installed it on your device, we recommend that you immediately uninstall it from Cydia. Even after removing the tweak, it will still leave behind two malicious files called ‘Service.dylib’ and ‘Service.plist’. Make sure to remove these files from /Library/MobileSubstrate/DynamicLibraries/ using iFile.

Developer Alan Kerr mentions that the tweak makes /Library/MobileSubstrate/DynamicLibraries/ directory writable as it installs Service.dylib at runtime, which means that the permission changes to 777 making it writable for all users and groups. Make sure to change the permission of the directory back to 755 using iFile to prevent unauthorized files from getting installed there.

I’m surprised that the tweak managed to slip through ModMyi’s package review process before becoming available to Cydia users. If you have already installed it, head to Cydia now and remove the package as well as the two malicious files found in /Library/MobileSubstrate/DynamicLibraries/ after uninstalling Lock Saver Free. I’ll also recommend to stay away from future packages released by the same developer (Dimitar Marinov/dmarinov).