
IOS.Muda

Updated: October 12, 2015
Infection Length: Varies
Risk Impact: Low
Systems Affected: iOS

Behavior

IOS.Muda is an adware program for jailbroken iOS devices that displays advertisements on the device.

Antivirus Protection Dates

  • Initial Rapid Release version October 09, 2015
  • Latest Rapid Release version September 22, 2016 revision 024
  • Initial Daily Certified version October 09, 2015
  • Latest Daily Certified version September 22, 2016 revision 025
  • Initial Weekly Certified release date October 14, 2015
The program must be installed manually from the Cydia third-party app store and can only be installed on jailbroken iOS devices.

Once executed, the program connects to the following remote locations over TCP port 7001:
  • a.iosappua.info
  • a.iosappmm.info

It also connects to the following remote location over TCP port 5321:
  • iosapi.iosappua.info
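
The host and port pairs listed above can be used to find affected devices in outbound connection logs. The following is an added example, not part of the original write-up; the key=value log layout, the source addresses and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Host/port pairs taken from the write-up above.
MUDA_ENDPOINTS = {
    ("a.iosappua.info", 7001),
    ("a.iosappmm.info", 7001),
    ("iosapi.iosappua.info", 5321),
}

# Assumed log layout (constructed for this example): key=value pairs per line.
FIELD_RE = re.compile(r"(\w+)=(\S+)")

def parse_line(line):
    """Return (src, host, port, proto), or None if the line is unusable."""
    fields = dict(FIELD_RE.findall(line))
    try:
        host = fields["dst_host"].rstrip(".").lower()  # normalise FQDN form
        return fields["src"], host, int(fields["dst_port"]), fields["proto"].lower()
    except (KeyError, ValueError):
        return None

def find_muda_clients(lines):
    """Map each source address to the sorted list of matched endpoints."""
    hits = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        src, host, port, proto = rec
        # Require the exact host, port and protocol combination from the write-up.
        if proto == "tcp" and (host, port) in MUDA_ENDPOINTS:
            hits[src].add((host, port))
    return {src: sorted(eps) for src, eps in hits.items()}

# Constructed sample log lines, not real traffic.
SAMPLE_LOG = """\
2015-10-10T08:14:02Z src=10.0.4.23 dst_host=a.iosappua.info dst_port=7001 proto=tcp
2015-10-10T08:14:05Z src=10.0.4.23 dst_host=IOSAPI.iosappua.info. dst_port=5321 proto=TCP
2015-10-10T08:15:11Z src=10.0.4.40 dst_host=a.iosappua.info dst_port=443 proto=tcp
2015-10-10T08:15:30Z src=10.0.4.41 dst_host=a.iosappmm.info dst_port=7001 proto=udp
2015-10-10T08:16:00Z src=10.0.4.52 dst_host=a.iosappmm.info dst_port=7001 proto=tcp
2015-10-10T08:16:09Z src=10.0.4.60 dst_host=example.org dst_port=7001 proto=tcp
malformed line without fields
""".splitlines()

if __name__ == "__main__":
    for src, endpoints in sorted(find_muda_clients(SAMPLE_LOG).items()):
        print(src, endpoints)
```
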

The program displays advertisements over other applications or in the notification bar.

The program uses the Cydia Substrate framework to display advertisements over other applications by hooking UIKit events.

The program will not display advertisements over the following applications:
  • com.apple
  • tencent
  • baidu
  • AlipayGphone
  • taobao
  • alibaba
  • 360
  • sina
  • com.apple
  • teiron
  • com.ali
  • com.ccb
  • com.icbc
  • com.cmbchina
  • com.pingan
  • 91
  • sohu
  • bank
  • com.immomo.momo
  • cn.com.fetion
  • com.taobao.taobao
  • com.eg.android.AlipayGphone
  • com.taobao.wangxin
  • com.xiaomi.channel
  • com.sina.weibo
  • jp.naver.line.android
  • com.snda.youni
  • cn.goapk.market
  • com.qihoo.appstore
  • com.tencent.android.qqdownloader
  • com.hiapk.marketpho
  • com.dragon.android.pandaspace
  • com.wandoujia.phoenix2
  • com.android.vending
  • com.aspire.mm
  • cn.emagsoftware.gamehall
  • com.egame
  • com.eshore.ezone
  • com.ct.client
  • com.infinit.wostore.ui
  • com.qihoo360.mobilesafe
  • com.qihoo360.mobilesafe_mtk6573
  • cn.opda.a.phonoalbumshoushou
  • com.tencent.qqpimsecure
  • com.ijinshan.mguard
  • com.lbe.security
  • com.baidu.security
  • com.baidu.passport.securitycenter
  • com.blovestorm
  • com.cootek.smartdialer
  • com.dianxinos.dxbb
  • com.greenpoint.android.mc10086.activity
  • com.sinovatech.unicom.ui
  • com.busihall.yd
  • com.youku.phone
  • com.youku.pad
  • com.qiyi
  • com.tencent.qqlive
  • com.sohu.sohuvideo
  • com.sohu.newsclient
  • com.UCMobile
  • com.tencent.mtt
  • com.autonavi.minimap
  • com.dianping.v1
  • com.dianping.t
  • com.jb.gosms
  • com.hfx.bohaojingling
  • com.cm.app
  • com.mowo.ibohao
  • com.peasdialartifact
  • cn.ffcs.wisdom.city