iOS Jailbreak: AdThief Malware Found Hijacking Ad Revenue from 75,000 Infected Devices
iOS Jailbreak: AdThief Malware Found Hijacking Ad Revenue from 75,000 Infected DevicesVirus Bulletin

A revolutionary ad-based malware touted as "AdThief" has reportedly been hijacking ad revenue out of 75,000 infected devices that have been jailbroken via Cydia.

According to a recent research paper submitted on Virus Bulletin by the Security Researcher, Axelle Apvrille, the malware better known as "spad" was first unearthed in March 2014.

The malware reportedly infects iOS jailbroken devices by disguising itself as Cydia Substrate extension when a malware infected Cydia package is downloaded or installed by the unsuspecting user.

AdThief's Hidden Motives and Goals

The report adds that the aim of the malware is to hijack revenues from advertisements on the infected device and pass on the revenue accrued to the attacker instead of the developer of the app or affiliated website.

The AdThief malware has allegedly hijacked revenues from over 22 million ads by swapping the publisher ID with the attacker's own ID as ad revenue is generated every time an infected user clicks on an ad while surfing the website.

iOS Jailbreak: AdThief Malware Found Hijacking Ad Revenue from 75,000 Infected Devices
iOS Jailbreak: AdThief Malware Found Hijacking Ad Revenue from 75,000 Infected DevicesVirus Bulletin

It is further ascertained that the malware's targeted networks include Google-owned AdMob and Google Mobile Ads, besides 13 other ad networks via ad kits.

In addition, there are many American companies targeted by AdThief which include AdWhirl, MdotM and MobClick, while the rest of them were reportedly from China and India.

Malware Intelligence Report

The malware creator reportedly left some debugging information linked to source filenames that helped the researcher to track down the culprit who was later identified as Rover12421, a Chinese hacker known as zerofile who specialises in making Android hack tools.

The hacker has also admitted on pediy.com forums that he had written some parts of the malware code during the development of publisher ID swapper for AdMob earlier in March 2014, while denying any involvement in the propagation of AdThief malware or being part of the conspiracy.

Can you Detect AdThief Malware Presence on Jailbroken Devices?

It is not yet known how the malware hooks itself using Cydia Substrate extension on jailbroken devices, though it is likely to infect devices running third-party apps or pirated apps downloaded from Cydia.

There is no clear way of detecting the malware on iOS devices yet. However, users are strongly advised to double-check the legitimacy of the source or repositories before downloading any third-party apps from Cydia store.