Feeds

We told you jailbreaking your iThing was dangerous

Ad revenue looted from 75,000 infected iOS fondelslabs

Internet Security Threat Report 2014

Chinese malware has infected more than 75,000 iPhones and hijacked some 22 million advertisements and stealing revenue from developers on the iOS jailbreak community, virus prober Axelle Apvrille says.

The AdThief malware relied on the Cydia Substrate extension present only on jailbroken Apple devices to hijack advertising bucks. Unmodified ithings are safe.

Apvrille located and confronted a Chinese vxer Rover 12421 who admitted writing the AdThief code but denied propagating it.

She explained in a paper Inside the iOS/AdThief malware [pdf] that advertiser identities were changed so that revenue was redirected to attackers.

"In other words, each time you view or click an ad on an infected device, the corresponding revenue goes to the attacker, and not to the developer or the legitimate affiliate," Apvrille (@cryptax) said.

"[AdThief] hooks various advertisement functions and modifies the developer ID (promotion ID) to match that of the attacker."

Ad Thief flow

Ad Thief flow

It targeted 15 mobile advertising kits including Google Mobile Ads and Weibo, four of which were based in the US, two in India and the remainder in China. The targets were identified because the attacker forgot to remove identifying information from the code.

A further gaffe meant strings included the path '/Users/Rover12421' allowing Apvrille to identify the coder who ran a blog detailing various Android hacks, a Github and inactive Twitter account.

Ad Thief flow

A cydia ad.

Apvrille said while 75,000 infected devices was small compared to the scores of iOS devices in use, attackers likely made bank with an estimated 22 million ads hijacked.

"... the malware has probably had a fair amount of impact and generated significant revenue for the owners."

Malware targeting Android was far more common since the security controls both on the devices and Google's Play app store were more lax than Cupertino's iOS portfolio.

Users insisting on jailbreaking their devices to make use of pirate apps the Cydia store should change their device's root password, set by default to 'alpine'.®

Internet Security Threat Report 2014

More from The Register

next story
George Clooney, WikiLeaks' lawyer wife hand out burner phones to wedding guests
Day 4: 'News'-papers STILL rammed with Clooney nuptials
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
PEAK IPV4? Global IPv6 traffic is growing, DDoS dying, says Akamai
First time the cache network has seen drop in use of 32-bit-wide IP addresses
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.