IOS.Muda

IOS.Muda

Updated:
12 October 2015
Infection Length:
Varies
Risk Impact:
Low
Systems Affected:
iOS

Behavior

IOS.Muda is an adware program for jailbroken iOS devices that displays advertisements on the device.

Antivirus Protection Dates

  • Initial Rapid Release version 09 October 2015
  • Latest Rapid Release version 23 March 2018 revision 009
  • Initial Daily Certified version 09 October 2015
  • Latest Daily Certified version 23 March 2018 revision 019
  • Initial Weekly Certified release date 14 October 2015
Click here for a more detailed description of Rapid Release and Daily Certified virus definitions.
The program must be installed manually from the Cydia third-party app store and can only be installed on jailbroken iOS devices.

Once executed, the program connects to the following remote locations over TCP port 7001:
  • a.iosappua.info
  • a.iosappmm.info

It also connects to the following remote location over TCP port 5321:
  • iosapi.iosappua.info

The program displays advertisements over other applications or in the notification bar.

The program uses the Cydia Substrate framework in order to display advertisements over other applications by hooking UIkit events.

The program will not display advertisements over the following applications:
  • com.apple
  • tencent
  • baidu
  • AlipayGphone
  • taobao
  • alibaba
  • 360
  • sina
  • com.apple
  • teiron
  • com.ali
  • com.ccb
  • com.icbc
  • com.cmbchina
  • com.pingan
  • 91
  • sohu
  • bank
  • com.immomo.momo
  • cn.com.fetion
  • com.taobao.taobao
  • com.eg.android.AlipayGphone
  • com.taobao.wangxin
  • com.xiaomi.channel
  • com.sina.weibo
  • jp.naver.line.android
  • com.snda.youni
  • cn.goapk.market
  • com.qihoo.appstore
  • com.tencent.android.qqdownloader
  • com.hiapk.marketpho
  • com.dragon.android.pandaspace
  • com.wandoujia.phoenix2
  • com.android.vending
  • com.aspire.mm
  • cn.emagsoftware.gamehall
  • com.egame
  • com.eshore.ezone
  • com.ct.client
  • com.infinit.wostore.ui
  • com.qihoo360.mobilesafe
  • com.qihoo360.mobilesafe_mtk6573
  • cn.opda.a.phonoalbumshoushou
  • com.tencent.qqpimsecure
  • com.ijinshan.mguard
  • com.lbe.security
  • com.baidu.security
  • com.baidu.passport.securitycenter
  • com.blovestorm
  • com.cootek.smartdialer
  • com.dianxinos.dxbb
  • com.greenpoint.android.mc10086.activity
  • com.sinovatech.unicom.ui
  • com.busihall.yd
  • com.youku.phone
  • com.youku.pad
  • com.qiyi
  • com.tencent.qqlive
  • com.sohu.sohuvideo
  • com.sohu.newsclient
  • com.UCMobile
  • com.tencent.mtt
  • com.autonavi.minimap
  • com.dianping.v1
  • com.dianping.t
  • com.jb.gosms
  • com.hfx.bohaojingling
  • com.cm.app
  • com.mowo.ibohao
  • com.peasdialartifact
  • cn.ffcs.wisdom.city
`