More than 75,000 iPhone users of jailbroken devices were targeted by Chinese AdThief malware, hijacking nearly 22 million advertisements and cashing in on the advertisements revenue.
The malware was detected by virus expert Axelle Apvrille, who said cybercriminals likely made big bucks off the stolen profits. AdThief is designed to rely on Cydia Substrate—a platform for modifying existing processes, which only works on jailbroken iOS devices.
In a paper published on Virus Bulletin (PDF), Apvrille explains the hackers were able to manipulate the advertiser identities, redirecting the revenue to the hackers, instead of developers or legitimate affiliates, each time an end-user viewed or clicked on a given advertisement.
The Chinese malware targets about 15 known mobile advertising kits, including Google Mobile Ads and Weibo – four of which are based in the United States, two in India and the rest in China. The targets were confirmed due to an error from the attackers in failing to remove identifying information from the code.
“The malware author forgot to strip out some debugging information – which is helpful (for us) for identifying the adkits it targets via their source filenames,” said Apvrille. The strings inside the malware lead Apvrille to identify and localize the malware author with a path displaying the user as “Rover12421.”
The coder is known to run a blog detailing a variety of Android hacks, a Github and an inactive Twitter account. He admitted to writing parts of the code a while ago but denied any responsibility for the exploit, saying the code was likely improved by a third-party.
Malware on iOS devices is not nearly as common as it is for Android users, making the discovery of AdThief “hot news for an anti-virus anlyst,” said Apvrille. Although the malware is not prevalent, it has had a fair share of impact on the amount of revenue that developers have lost.
Categories: Top Security Stories