BigBoss, one of the biggest and most popular Cydia repositories, has allegedly been hacked. Attackers “Kim Jong-Cracks” claim to have gained access to all packages — including paid titles — and made them available for free via their own repo. Cydia users are advised to steer well clear of it, however.
If you’re unfamiliar with Cydia, it’s the jailbreaker’s App Store alternative for iOS. It contains thousands of apps, tweaks, themes, and other downloads that Apple wouldn’t approve of. The BigBoss repository has long been one of Cydia’s biggest and best, but it may have just been hit hard by hackers.
The new “ripBigBoss” repo from Kim Jong-Cracks claims to offer all BigBoss packages (13,954 in total) for free; they’ve even published a massive log file that names each and every one of those packages — and their MD5 sums — as proof of their success. But it’s not entirely clear why BigBoss was targeted.
“The website and companion repo are using Saurik’s recent ‘Competition vs Community’ as a motivation for their acts,” iDownloadBlog reports — but it’s thought this could simply be a front in an attempt to hide their real identity. Whatever the case, we recommend you avoid the ripBigBoss repo at all costs.
Not only could using it have a negative impact on the original BigBoss repo, but it could also be dangerous. Kim Jong-Cracks promises that all packages are original and malware-free, but you shouldn’t trust those claims; the packages hosted by ripBigBoss could contain malicious code that you do not want to install on your iOS device.
Packages hosted by the original BigBoss repo should still be safe, however. Kim Jong-Cracks claims to have injected them with malware, but Cydia creator Saurik believes this is untrue. In a statement to iDB, Saurik said:
“This article mentions malware being potentially injected into the BigBoss repository; we do not believe this to be the case. Packages in Cydia repositories are cryptographically verified from the repository package index. I have an index of all historic changes to the package indices for default repositories, and have verified that the content on BigBoss did not change in ways that the repository administrators did not expect.”
We’re not linking to the ripBigBoss website for obvious reasons, but it’s pretty easy to find if you want to know more. No matter how curious you may be, however, do yourself and BigBoss a favor and steer clear of the repo.
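To illustrate the kind of check Saurik's statement refers to, here is an added example (not code from Cydia, BigBoss or the original article) that verifies a downloaded package against an APT-style `Packages` index, the format Cydia repositories use. The package name, file path and bytes are constructed sample data, and the sketch assumes the index itself has already been authenticated.

```python
import hashlib

# Index field name -> hashlib algorithm, strongest first.
DIGESTS = (("SHA256", "sha256"), ("SHA1", "sha1"), ("MD5sum", "md5"))

def parse_index(text):
    """Parse APT 'Packages' stanzas into {Filename: {field: value}}."""
    index = {}
    for stanza in text.strip().split("\n\n"):
        fields, last = {}, None
        for line in stanza.splitlines():
            if line[:1] in (" ", "\t") and last:   # continuation of previous field
                fields[last] += "\n" + line.strip()
            elif ":" in line:
                last, _, value = line.partition(":")
                fields[last] = value.strip()
        if "Filename" in fields:
            index[fields["Filename"]] = fields
    return index

def verify_package(index, filename, data):
    """Return 'ok', or the reason the downloaded bytes are rejected."""
    entry = index.get(filename)
    if entry is None:
        return "not-in-index"
    if entry.get("Size") != str(len(data)):
        return "size-mismatch"
    for field, algo in DIGESTS:                    # use the strongest digest listed
        if field in entry:
            actual = hashlib.new(algo, data).hexdigest()
            return "ok" if actual == entry[field].lower() else "digest-mismatch"
    return "no-digest"

# Constructed sample data: a stand-in for a .deb and the index entry listing it.
DEB = b"constructed stand-in for a .deb archive"
NAME = "debs/com.example.tweak_1.0-1.deb"
INDEX_TEXT = (
    "Package: com.example.tweak\n"
    "Version: 1.0-1\n"
    f"Filename: {NAME}\n"
    f"Size: {len(DEB)}\n"
    f"SHA256: {hashlib.sha256(DEB).hexdigest()}\n"
    "Description: constructed entry\n"
    " second line of the description\n"
)
INDEX = parse_index(INDEX_TEXT)

if __name__ == "__main__":
    print(verify_package(INDEX, NAME, DEB))                # unmodified package
    print(verify_package(INDEX, NAME, DEB[:-1] + b"X"))    # same size, altered bytes
    print(verify_package(INDEX, "debs/other.deb", DEB))    # file the index never listed
```

A package pulled from a third-party mirror passes this check only if its bytes are identical to what the original index recorded, which is why a changed package would show up as a changed index entry.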