News

iOS ad-hijacker malware hits 75,000 jailbroken devices

Security researcher shines a light on iOS malware risks

20 Aug 2014

Further details have emerged about a piece of iOS malware that redirects ad revenues to cyber attackers each time a person uses their devices to view or click on advertisements.

The malware, dubbed AdThief, is known to have infected around 75,000 iOS devices to date, according to a Virus Bulletin advisory notice. It specifically targets jailbroken Apple tablets and smartphones.

At the time of writing, it's estimated the malware has been used to steal revenue from approximately 22 million ads.

The malware was first uncovered in March 2014 by security researcher Claud Xiao, but scant detail about how it operates was released at the time.

As a result, another security researcher, Axelle Apvrille, has taken it upon themselves to find out more about its inner workings and has uncovered details of who created it.

"Each time you view or click on an ad on an infected device, the corresponding revenue goes to the attacker, and not to the developer or the legitimate affiliate," Apvrille writes.

By analysing the makeup of the malware, Apvrille has ascertained that it was created by a Chinese hacker, who has admitted to writing part of the code but claims a third-party refined it.

The hacker has also denied having any role in its distribution.

The emergence of AdThief is significant, the researcher continues, because iOS malware is so uncommon.

"At the end of 2013, there were only four different families, as well as a dozen families of adware or spyware," they continued.

"Thus, the discovery of new iOS malware is generally pretty hot news for an anti-virus analyst."