User Tag List

  1. Pokepasa's Avatar
    Hi all

    I just discovered today that there is some adware/malware in Cydia, from at least one of the free programs made by Nobitazzz.

    Since I installed the app called "iOS 6 Photos Menu" my iPhone started to download/upload a lot of Mb, regardless by Wifi or 3G.

    I will not bore you with all the things I did to discover which app was the problem, but I will show you this images:

    New adware/malware found in Cydia-httprequets.jpgNew adware/malware found in Cydia-nobitazzz.jpgNew adware/malware found in Cydia-ptp4ever.jpg

    This are captures of my traffic from iPhone to internet during 5 minutes WHEN IT WAS LOCKED. Here you can see that the iPhone was calling, 3723 times, pages for ads.

    And you can see that the page ptp4ever.net is paying Nobitazzz as the 3th most ranked user of its web, based on clicks.

    But all this happens with total disregard of the user, and without any notice.

    All this is unfair, for the user because of the waste of MB from his data plan, but more for the publicists that are paying for clicks and ads that no one see, because all this happens in a second plane.

    I have uninstalled this app and no more calls to ptp4ever.net were done until now. In any case I will continue watching my traffic in the next days to ensure that all is clean. If not, I will need to reinstall iOS.

    So, BE CAREFUL, YOU CAN INSTALL ADWARE without knowing it.

    If some one need the log I made with Wireshark to analyze this info, I can send it.

    I tried to communicate with Saurik to tell him this, but I could only send him a message on Twitter (I didn't find another contact).
    2012-08-08 01:07 AM
  2. H4CK3R's Avatar
    You can normally contact him at his email, [email protected] or you can contact britta. They both get to it ASAP so I can guarantee it won't be there for long.

    Sad to see this happening.
    2012-08-08 01:40 AM
  3. brittag's Avatar
    Thanks for keeping an eye out.

    The usual method for reporting problems is to tap "Author" at the top of the package page in Cydia, where you'll see options for emailing the developer, the repository manager, and saurik. Emailing all three can be appropriate for significant problems.

    We'll talk to this developer - it's not OK to sneakily fetch ads in the background.
    2012-08-08 02:43 AM
  4. Pokepasa's Avatar
    The usual method for reporting problems is to tap "Author" at the top of the package page in Cydia, where you'll see options for emailing the developer, the repository manager, and saurik. Emailing all three can be appropriate for significant problems.
    I saw the option to talk Author and Repository Manager. The author email was [email protected], but unfortunately my hotmail account throwed a delivery error to this account.

    It will be great if you can contact developer. It will be very dangerous that Cydia begins to have malicious software, because it can dramatically lower confidence on it.

    We must be vigilant, Cydia is the key for all of us to have a little freedom on our favorite mobile OS.

    Will you contact Saurik directly or must I write him?
    2012-08-08 10:03 AM
  5. Pokepasa's Avatar
    Duplicated
    Last edited by Pokepasa; 2012-08-08 at 11:04 PM. Reason: Duplicated post, sorry
    2012-08-08 10:33 AM
  6. brittag's Avatar
    I have already talked to saurik, the repository manager, and this developer (his email address works OK for me). The developer said his product would no longer sneakily fetch ads. I'll keep an eye out for further reports of trouble. Thanks again!
    2012-08-08 09:56 PM
  7. Pokepasa's Avatar
    Ok, perfect. This confirm all my investigation and closes this episode.

    Today no suspictious traffic in my iPhone. All seems to be right.
    2012-08-08 11:07 PM
LINK TO POST COPIED TO CLIPBOARD