A new worm for jailbroken iPhones is spreading, and this one doesn’t just rickroll you–it steals your bank account.

The newest addition to the growing stable of smartphone viruses makes its way onto the iPhone by exploiting the generic root password common to all jailbroken iPhones–a password which few users ever bother changing.

The worm specifically targets users of Dutch-based online bank ING Direct. When an infected iPhone attempts to browse ING Direct’s web site, the worm automatically redirects the phone to a phishing site designed to collect the owner’s bank account information.

The worm also tries to intercept SMS messages related to banking transactions and, finally, leaves the iPhone connected to a botnet server in Lithuania, which opens the device to unauthorized remote logins.

Security experts have advised anyone with a jailbroken iPhone to immediately change the root password, if they have not already done so. iPhones which have not been jailbroken are not susceptible to this family of worms.