Remember when they said iOS is almost completely impervious to malware?
Yeah… about that.
A relatively new form of malware on iOS is estimated to have stolen revenue from 22 million ads and may have infected as many as 75,000 devices so far.
The malware, iOS/AdThief, was first discovered last spring but not fully understood until Axelle Apvrille, a researcher with Fortinet, took a deep dive into the malware for a Virus Bulletin study published last month.
According to ThreatPost, the malware — also known as Spad — “tweaks a developer ID that’s intended to tell ad developers when their ads are either viewed or clicked and in turn, generate revenue. In the malware’s case, infected devices funnel those small payments away from the developers to the hacker.”
The malware is operational only on jailbroken devices for the time being. It uses Cydia Substrate, a platform for developing third-party add-ons for iOS, to execute the hack.
In total the malware jacks revenue from 15 different ad kits. While most are Chinese, four (including Google’s AdMob) are based in the U.S. and two reside in India.
Affected kits include AderMob (China), AdMob and Google Mobile Ads (U.S.), AdsMogo (China), AdSage/MobiSage (China), AdWhirl (U.S.), Domob (China), GuoHeAD (China), InMobi (India), Komli Mobile (India), MdotM (U.S.), MobClick (U.S.), UMeng (China), Vpon (China), Weibo (China), and YouMi (China).
According to ThreatPost, “an oversight by the hacker – failing to omit the malware’s debugging info – allowed the researchers to see exactly which adkits were being compromised by the malware.”
Further research into the malware’s creator (Rover12421) claims he wrote part of the code “some time ago,” that it was his only iOS project, and the person denies
To read more about it (we dare you, jailbroken iOS users), click here.