ONE Jailbreak Ad

TrollInstall

Promotion image of TrollInstall article.

TrollInstall is a shortcut app that lets you install IPA and TIPA files with SeaShell protection. SeaShell is an open-source malware that can easily be injected into any IPA file installed through TrollStore. Downloading IPAs from untrusted sources can compromise your device. With TrollInstall, you can check if SeaShell malware is injected into the IPA before installing the app.

What is TrollInstall?

TrollInstall is a script for the Shortcut app that checks for SeaShell malware present in IPA files. It automatically unzips the IPA file, checks if the "mussel" file is inside or searches for the CFBundleBase64Hash key in all ".plist" files. This helps you automatically determine if the IPA package was altered using the SeaShell script to take control of your iPhone.

When you install IPA files, especially popular paid packages for free from third-party sources, you may unknowingly install the SeaShell backdoor on your iPhone. This malware is easy to inject into IPA files for TrollStore and can give unauthorized access to your device, allowing intruders to remotely control the device, view text messages, photos, and more.

TrollStore does not offer any protection against malware and potentially malicious apps. However, MrDjBird released a simple yet effective TrollInstall shortcut that lets you check if the default version of SeaShell malware is present in the IPA. In my opinion, this is the best available solution to protect yourself from compromising the iDevice.

Screenshot of TrollInstall Shortcut on iOS.

The latest version of TrollInstall includes rewritten OTA functionality, added beta-testing options, a menu when starting the shortcut manually, the ability to view the hacker's IP if the IPA contains malware and an additional menu after IPA checking.

Detecting SeaShell malware

For added protection, I highly recommend using the TrollInstall Shortcut to check if the IPA is free of SeaShell malware. This is the minimum step you should take to ensure your device's safety before installing apps through TrollStore.

Most developers creating TrollStore apps are transparent about their work and release the source code on GitHub. However, when you download a compiled IPA from a third-party source, you have no guarantee that the IPA hasn't been modified, which increases the risk of malware infection. Downloading IPAs from trusted sources can keep you safe.

Future releases of TrollInstall may introduce exciting new features such as Shortcut settings, support for TrollStore URL Scheme, IPA sandboxing, and an option to disable SeaShell.

TrollInstall was published on GitHub as an open-source project. The developer also released a SeaShell test IPA file packed with malware for testing purposes.

SeaShell manual protection

I've created a guide to help you stay safe from attacks through SeaShell. Here are my tips on detecting the SeaShell presence in an IPA file. TrollInstall streamlines this process with a shortcut, making it quicker to identify if an app may have been altered before installation.

  1. Unzip the IPA or TIPA file you want to install.
  2. Look out for suspicious executables in the app bundle. For example, SeaShell Framework might include an executable named "mussel," which is actually a Pwny payload.
  3. Check the Info.plist file for any suspicious entries. SeaShell might add a base64-encoded CFBundleBase64Hash entry containing a host pair (<host>:<port>).
  4. Verify the file's hash sum to ensure its integrity.
Author Photo
Written by

Kuba has over 20 years of experience in journalism, focusing on jailbreak topics since 2012. He has interviewed professionals from Intel, Avast, Microsoft, and more. Besides journalism, Kuba specializes in video editing and drone flying. He studied IT at university before his writing career.

Post a comment

Latest Posts

TrollInstall

Detect SeaShell malware in IPA and TIPA with TrollInstall

TrollInstall is a shortcut app that lets you install IPA and TIPA files with SeaShell protection. SeaShell is an open-source malware that can easily be injected into any IPA file installed through TrollStore. Downloading IPAs from untrusted sources can...

How to Use Proxies for mobile

How to Use Proxies for Your iOS and Android Devices: A Guide

In today's digital age, maintaining privacy and security while accessing the internet on mobile devices is essential. Proxies serve as intermediaries between your device and the internet, offering numerous benefits such as enhanced privacy, access to geo...

The Role of Blockchain in Digital Payments

The Role of Blockchain in Safeguarding Digital Payments

In a progressively internet-riddled world, the safety of online transactions has become paramount. With the intense growth of e-commerce and e-payments, guaranteeing that transactions are protected from fraud and cyber attacks is really important...