The Trojan In Free Jailbreak Tweak Can Steal Revenues Through Google’s AdMob

Ali Salman
Posted 1 year ago

With every iOS update, hackers begin their quest for a jailbreak which they eventually achieve. The major reason why some users choose to jailbreak is customization beyond iOS boundaries that the stock version fails to provide. From changing visual appearance of the user interface to enhancing functionality, Cydia has been a good source for providing tweaks and packages.

However, some tweaks have functionality that extends in functionality beyond their original purpose. They may be harmful and malicious to your device and not installing them is a viable option. Recently, ‘Lock Saver’ free tweak appeared on Cydia that has some adverse effect which we will be telling you about. The tweak has been made available by ModMyi’s repo that switches off battery consuming aspects of your device while it is locked.

Lock Saver Installs Malicious Files That Can Interfere With Device Permissions

However, the device is said to contain a trojan that even exists after you remove the tweak. The trojan sticks to your Google’s AdMob and steals revenues which are generated from the host device. It also collects UDIDs and sends them to a remove server destination. When a user installs the Lock Saver, the tweak copy’s trojan files to the following destination: /Library/MobileSubstrate/DynamicLibraries/ .


Developer Alan Kerr states that the tweak makes the directory (/Library/MobileSubstrate/DynamicLibraries/) writable as Service.dylib is installed at runtime. This changes the permission to 777 which initially should be 755, so in case you are infected you would have to change it back. You can change the permission using iFile if you want to halt any untrusted and unauthorized files from being installed automatically.

Cydia Store Enabled For iOS 9.3.3, Adds One Day Refund Service

If you have Lock Saver installed, remove it immediately. After you do so, the free tweak leaves behind two malicious files namely, ‘Service.plist’ and ‘Service.dylib’. You will have to iFile to remove these files from the following location: /Library/MobileSubstrate/DynamicLibraries/ . Good for us the free tweak has been removed from ModMyi’s repo and we would recommend users not to install it. This is it for now, folks. Let us know in the comments section below if your jailbroken device has been infected with the Lock Saver trojan.

Share on Facebook Share on Twitter Share on Reddit