In April this year, an iOS malware called Unflod was infecting jailbroken devices and stealing users' Apple IDs and passwords. It is possible to have your jailbroken iOS device infected if you download pirated tweaks from pirated repos. Now there is a new malware called AdThief, which has infected about 75,000 jailbroken devices so far.
AdThief, also known as spad, was discovered by security researcher Claud Xiao in March this year. It is an iOS malware found only on jailbroken devices, and it hijacks advertisement revenue and redirects it to the attacker.
This malware basically swaps an ad publisher's ID with that of the attacker, directing all the ad revenue to him and making him rich. According to the research paper published by Axelle Apvrille, revenue from over 21 million ads was hijacked using this malware. Ad networks such as Google's AdMob and Mobile Ads were among the 15 different ad networks that were targeted.
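Because the hijack leaves the ad request itself intact and only changes which publisher it credits, the symptom an app developer or ad network can look for is a publisher ID in outgoing requests that differs from the one the app was built with. The following is an added example of that check, not code from the article or from the researchers it cites; the log line format, app bundle names, network names and publisher IDs are all constructed for illustration.

```python
"""Detecting ad-publisher ID swapping from app-side ad request records.

Added example (not code from the article or from any of the researchers it
cites). The log format, app names, network names and publisher IDs below
are all constructed for illustration.
"""
import re
from collections import Counter

# The publisher ID each app legitimately compiled into its ad SDK
# configuration (constructed values; in practice this comes from the
# app's own build-time config, never from the running process, which a
# Substrate hook could already have altered).
EXPECTED_PUBLISHER = {
    "com.example.notes": {"AdMob": "pub-1111"},
    "com.example.weather": {"AdMob": "pub-2222", "MobileAds": "ma-2222"},
}

# Constructed log lines in the shape of an ad SDK's outgoing request record:
# <app bundle> <network> pubid=<publisher ID>
SAMPLE_LOG = """\
com.example.notes AdMob pubid=pub-1111
com.example.notes AdMob pubid=pub-1111
com.example.notes AdMob pubid=pub-9999
com.example.weather AdMob pubid=pub-2222
com.example.weather MobileAds pubid=ma-9999
com.example.weather MobileAds pubid=ma-9999
com.example.weather AdMob pubid=pub-9999
"""

LINE_RE = re.compile(r"^(?P<app>\S+)\s+(?P<network>\S+)\s+pubid=(?P<pub>\S+)$")


def parse_log(text):
    """Yield (app, network, publisher_id) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m.group("app"), m.group("network"), m.group("pub")


def find_hijacked(records, expected=EXPECTED_PUBLISHER):
    """Return records whose publisher ID differs from the app's expected one.

    A swapped ID is the observable symptom of the redirection the article
    describes: the request still reaches the real ad network, but credits
    a publisher account the app never configured.
    """
    hijacked = []
    for app, network, pub in records:
        want = expected.get(app, {}).get(network)
        if want is not None and pub != want:
            hijacked.append((app, network, pub, want))
    return hijacked


def summarize(hijacked):
    """Count hijacked requests per foreign publisher ID (the account being credited)."""
    return Counter(pub for _app, _net, pub, _want in hijacked)


def hijack_ratio(records, expected=EXPECTED_PUBLISHER):
    """Share of all requests that credited an unexpected publisher ID."""
    records = list(records)
    bad = find_hijacked(records, expected)
    return len(bad) / len(records) if records else 0.0


if __name__ == "__main__":
    recs = list(parse_log(SAMPLE_LOG))
    bad = find_hijacked(recs)
    for app, net, pub, want in bad:
        print(f"{app} via {net}: got {pub}, expected {want}")
    print("per foreign ID:", dict(summarize(bad)))
    print(f"hijacked share: {hijack_ratio(recs):.0%}")
```

The expected mapping is deliberately kept outside the app process: a hook on the SDK's own configuration lookup would return the swapped value, so the comparison has to be against a copy the hook cannot reach, such as build-time records or the ad network's server-side view of which account each app should credit.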
After some digging, it was found that a Chinese hacker named Rover12421 was behind the malware. He did come forward and admit to working on spad some time ago, but stated that he did not have any involvement in this malware. According to him, it was his only iOS project; he worked on it for a while and wrote some code, but the project is now closed. We can't be sure whether he is telling the truth or just trying to avoid charges. Neither we nor the security researcher are sure how this malware infects jailbroken devices. It is built on Cydia's Substrate platform, and pirated tweaks could be one way it makes its way onto your iOS device.