Malware targets jailbroken iOS devices, hijacks ad revenue
Posted on 13.08.2014
AdThief (or Spad) is the name of a recently discovered iOS malware that has managed to infect some 75,000 jailbroken iOS devices and steal revenue from around 22 million ads in a period that spanned a little over four months.

When compared to malware targeting the Android mobile OS, iOS malware is extremely rare, and it's understandable why new instances always generate quite an interest in anti-virus circles.

AdThief was discovered by researcher Claud Xiao in March 2014, but its first appearance happened around December 10, 2013. As the researcher didn't share many details about his discovery, Fortinet's senior mobile AV analyst Axelle Apvrille has decided to dig in herself and see what it's all about.

The first thing she made sure to note is that the malware works only on jailbroken iOS devices. It implements and takes advantage of the Cydia Substrate, a platform for modifying existing processes, to hook advertisement functions and make a simple change: the developer's or an affiliate's ID is changed to that of the attacker.

This means that every time an ad is viewed or clicked, the revenue from it that should go to the former is redirected to the latter. Technically, the malware does not impact the user - the developers are the ones who will lose money.

The malware targets 15 mobile adkits. Most of them are Chinese, but some US (AdMob, AdWhirl, Google Mobile Ads) and Indian (InMobi, Komli Mobile) ones are also affected.

While analyzing the malware, Apvrille also found debugging information that seems to point to a Chinese hacker specializing in mobile platforms as the author of the malware.

His online handles "Rover12421" and "zerofile" revealed a Twitter account, a blog, Android hacks, and forum posts that intimate that he only created part of the malware's code, i.e. an ad ID replacement plug-in that was later improved on, as well as propagated, by others.

Unfortunately, neither of the researchers explained how the malware spreads and infects devices. My money is on voluntary downloads of trojanized apps from third-party (illegal) iOS app stores.









Copyright 1998-2014 by Help Net Security.