Here’s how to check for malware on a jailbroken iOS device such as an iPhone, iPad or iPod touch.
There was indeed a time when iOS was rarely targeted by malware and malicious apps and processes, but we’ve come a long way since then, and a jailbroken iOS device is now susceptible to a variety of malware. Luckily there are ways to deal with it. One of them is to manually identify and fish out suspicious processes.
Being jailbroken gives you the ability to tinker with the very core of iOS, and it also lets you keep an eye on the running processes, as mentioned earlier. Even better, you can kill them.
To find out how you can do all of this, simply follow our complete step-by-step guide outlined below:
Step 1: To go through this process you need to install a number of packages from Cydia onto the jailbroken device: MTerminal, adv-cmds, and a package named top. Launch Cydia, search for each of these packages, and install them as normal.
Step 2: Launch the MTerminal app. This gives you command line access from the device itself. Switch to the root superuser by typing “su” and then entering the root password.
NOTE: The default device password for this type of access is alpine. If you have previously changed it manually, the password will be whatever you changed it to.
Step 3: Once you are root, type either “top” or “ps aux” and hit the enter button on the iOS keyboard to execute the command. Either command will instantly show a full list of all running processes on the device.
NOTE: The two commands will provide similar information, with “top” giving a live list of updated processes, and “ps aux” offering up a snapshot of processes and daemons but without any updated live information or memory usage.
Step 4: The trick here is to actually look at and inspect the processes running on the device. Some of them will immediately be recognizable as legitimate, whereas others may look suspicious or out of place. For those that look out of place, you will need to use the Internet to do a little bit of research on the process to ascertain what it actually is.
Step 5: If you find a process that turns out to be malware or should not be on the device, you can use the following command: kill <PID> (lowercase, where <PID> is the number shown in the PID column for that process) and then press enter to kill it. This obviously won’t remove it, but you need to first kill it as a process and then begin researching how to remove that specific malware and clean your jailbroken device.
To quit “top”, you can simply type q and then hit enter.
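One way to narrow down the manual inspection in Step 4, as an added example that is not part of the original guide: a shell function that reads “ps aux” output and lists only the processes whose executable path falls outside a set of expected system directories. It assumes awk is installed on the device (it is not among the packages listed in Step 1) and the usual 11-column “ps aux” layout; the prefix list, function names and sample process lines are constructed for illustration.

```shell
#!/bin/sh
# Assumed starting allowlist of path prefixes, not an authoritative list;
# adjust it to what your own device normally runs.
ALLOWED_PREFIXES="/usr/libexec/ /usr/sbin/ /usr/bin/ /sbin/ /bin/ /System/Library/ /Applications/ /var/containers/Bundle/Application/"

# Reads `ps aux` text on stdin and prints "PID USER COMMAND" for every process
# whose command does not start with one of the allowed prefixes. Commands shown
# without a full path (for example your own shell) are listed too, for review.
flag_unexpected() {
    awk -v prefixes="$ALLOWED_PREFIXES" '
        BEGIN { n = split(prefixes, allow, " ") }
        NR == 1 { next }                  # skip the header row
        {
            cmd = $11                     # field 11 is the start of COMMAND
            ok = 0
            for (i = 1; i <= n; i++)
                if (index(cmd, allow[i]) == 1) { ok = 1; break }
            if (!ok) print $2, $1, cmd
        }'
}

# Constructed sample output; the last process is a made-up out-of-place entry.
sample_ps() {
    cat <<'EOF'
USER     PID  %CPU %MEM    VSZ    RSS  TT  STAT STARTED    TIME COMMAND
root       1   0.0  0.3 100000   3000  ??  Ss   9:00AM  0:05.10 /sbin/launchd
root      55   0.1  1.0 200000  10000  ??  Ss   9:00AM  0:12.40 /usr/libexec/backboardd
mobile    58   1.2  4.0 900000  40000  ??  Ss   9:00AM  0:30.00 /System/Library/CoreServices/SpringBoard.app/SpringBoard
mobile   301   0.5  1.1 300000  11000  ??  Ss   9:05AM  0:01.20 /Applications/MTerminal.app/MTerminal
root     412   3.4  0.8 150000   8000  ??  Ss   9:07AM  0:44.90 /private/var/tmp/example-helper
EOF
}

# On the device, as root:  ps aux | flag_unexpected
```

Anything the function prints is only a candidate for the research described in Step 4, not a verdict; the PID in the first column is the value to pass to kill in Step 5.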