TrollStore is an amazing utility that lets users perma-sign any .ipa or .tipa file as an app on their iPhone or iPad on certain firmware susceptible to a CoreTrust exploit without a computer.
As powerful as TrollStore is, it unfortunately doesn’t discriminate against potentially malicious apps that an end user might install on their device. For example, there is a post-exploitation framework called SeaShell that lets an attacker remotely access, control, and extract information from a victim’s device after an infected app receives its entitlements from TrollStore
The SeaShell attack, developed by EntySec, is relatively rare as a lot of TrollStore apps are open-source on GitHub and therefore developers are generally transparent about what they’re doing with their apps. But there are still instances where a user may download an .ipa or .tipa file from a shady source and this is where a user’s risk of malware infection increases.
Practicing restraint and only downloading apps to perma-sign from trusted sources can keep you relatively safe from malware such as the SeaShell attack discussed above. But if you want an additional layer of security, then you may want to consider a new Shortcut called TrollInstall that automatically screens your downloaded .ipa and .tipa files for SeaShell malware and then lets you choose to either abort the installation or move forward anyway.
We first learned about the TrollInstall Shortcut in a post shared to /r/jailbreak a couple of weeks ago, and since then, the shortcut has received a number of updates to improve the app’s localization support and more.
If you’re planning to perma-sign a lot of apps on your device, it’s generally a good idea to screen them for malware before giving them full entitlements to your device, otherwise you run the risk of having personal information stolen from you, which is no good. That said, we think this is a useful shortcut that all TrollStore users should consider downloading and using.
Just in case you haven’t heard of the SeaShell malware before, you can learn everything you need to know about it on the Wiki page. It’s indeed scary to know that hackers are actively baking these kinds of attacks into things ordinary users may inadvertently download, so taking steps to protect yourself is important.
To find out more and to use TrollInstall for yourself, you can head over to the project’s GitHub page.
Are you going to use the TrollInstall Shortcut to protect yourself from SeaShell when installing apps via TrollStore? Be sure to let us know why or why not in the comments section down below.