A revolutionary ad-based malware dubbed “AdThief” has reportedly been hijacking ad revenue from 75,000 infected devices that have been jailbroken via Cydia. According to a recent research paper published in Virus Bulletin by security researcher Axelle Apvrille, the malware, better known as “Spad”, was first unearthed in March 2014. It reportedly infects jailbroken iOS devices by disguising itself as a Cydia Substrate extension when a malware-infected Cydia package is downloaded or installed by the unsuspecting user.
Think your iOS device is immune to malware? Think again. If you jailbreak, your iPhone, iPad, or iPod touch could be infected by “AdThief” malware, a money-making machine that is now installed on an estimated 75,000 devices. First discovered back in March and also known as “Spad,” AdThief was created by a Chinese hacker and comes disguised as an innocent Substrate extension that installs itself when you download certain packages from Cydia, the jailbreaker’s App Store alternative. According to a report from Axelle Apvrille in Virus Bulletin, it’s more widespread than you might think.

Once installed, the malware alters certain advertisements displayed on your iOS device to reroute all of the revenue to AdThief’s creator. So, if you download a free, ad-supported iOS app from the App Store, all of the cash generated by that app goes to the hacker behind AdThief rather than to the app’s developer. AdThief targets advertisements from 15 popular networks, including Google’s AdMob and Mobile Ads, AdWhirl, MdotM, and MobClick. Although it won’t hurt the user directly (at least not that we know of), it does hurt app developers. It also serves as a warning to those who believe the iOS platform is free from such parasites.