Think your iOS device is immune to malware? Think again. If you jailbreak, your iPhone, iPad, or iPod touch could be infected by “AdThief” malware, a money-making machine that is now installed on an estimated 75,000 devices.
First discovered back in March and also known as “Spat,” AdThief was created by a Chinese hacker and comes disguised as an innocent substrate extension that installs itself when you download certain packages from Cydia, the jailbreaker’s App Store alternative. According to a report from Axelle Apvrille in Virus Bulletin, it’s more widespread than you might think.
Once installed, the malware alters certain advertisements displayed on your iOS device to reroute all of the revenues to AdThief’s creator. So, if you download a free iOS app from the App Store that’s ad-supported, all of the cash generated by that app goes to the hacker behind AdThief rather than the app’s developer.
AdThief targets advertisements from 15 popular networks, including Google’s AdMob and Mobile Ads, AdWhirl, MdotM, and MobClick. Although it won’t hurt the user directly — at least not that we know of — it does hurt app developers. It also serves as a warning to those who believe the iOS platform is free from such parasites.
What’s most concerning about this particular hack is that there’s no way to find out if your device is infected by it; AdThief runs in the background and is almost impossible to detect.
If you’re a Cydia user, the easiest way to avoid it is to ensure you only ever download from trusted repositories. Be careful about adding new sources, and always be suspicious of those that promise pirated downloads of paid apps and tweaks.