75,000 Jailbroken iPhones, iPads Hit by Chinese Malware

By Marshall Honorof | Source: Tom's Guide US | 15 comments

Owners of iPhones and iPads who jailbreak their devices generally understand that they're losing Apple's security protections, but that message hasn't really hit home until now. Two security researchers have documented that iOS malware called AdThief may have infected more than 75,000 jailbroken iDevices and stolen revenue from more than 22 million online ads.

Axelle Apvrille, a French researcher for Sunnyvale, Calif.-based information-security firm Fortinet, has just published a paper about AdThief (PDF) in Virus Bulletin, a British-based online magazine that tracks information about online safety. (Apvrille's paper is dated July 2, but was posted Aug. 12.)


Her paper builds on earlier work by Chinese researcher Claud Xiao, who discovered AdThief in March. Because his initial publications on the matter were very technical, Apvrille has attempted to clarify the situation.

The good news for users of jailbroken iOS devices is that AdThief doesn't directly target them. Instead, it redirects the ad-click micropayment (a tiny fraction of a cent) that takes place every time a user of an infected device clicks on an ad in an app or on a website. The ad revenue goes not to the legitimate recipients, but to a malefactor — possibly a Chinese hacker who wrote significant chunks of the code.

As for how AdThief spreads, the vector of infection is not crystal-clear, but AdThief appears to require the presence of Cydia, a widely used platform for jailbroken iDevices that allows and manages installation of apps from outside the iTunes App Store. Cydia is often automatically installed during the jailbreaking process.

Most of the ad networks targeted by AdThief are Chinese, but four are based in the United States, including Google's AdMob, and two in India. As long as a phone is jailbroken and has Cydia installed, the malware may have a way to get in. It's not clear whether changing the iOS root password from the default "alpine" will block the infection.

If you've been infected with AdThief, getting rid of it is not easy, as it compromises at least 15 prominent ad kits. Security software for jailbroken iDevices is not exactly common, so your best recourse may be to restore your iPhone to manufacturer settings and, at least temporarily, erase the jailbreak.

Doing so won't be as sexy as access to unauthorized app stores, but it also means that you won't be funding online criminals who, sooner or later, may turn their sights to users rather than advertisers.

Marshall Honorof is a Staff Writer for Tom's Guide. Contact him at mhonorof@tomsguide.com. Follow him @marshallhonorof and on Google+.

Discuss
  • 0
    jasonelmore , August 14, 2014 12:23 PM
    Well, I'm not gonna lose my jailbreak so the proper ad agency gets paid. They are gonna have to do more than that, lol.
  • 0
    d_kuhn , August 14, 2014 1:31 PM
    Revenue from 22 million online ads redirected... let me figure how much that is... let's see... divide by 9... carry the two... so that turns out to be about four dollars and sixty-five cents. Don't spend it all in one place, dude.
  • -1
    iKon007 , August 14, 2014 4:54 PM
    Not possible... I've heard that iProducts don't get viruses etc.! Apparently, they just work....
  • 1
    house70 , August 14, 2014 5:19 PM
    To get something like that on an Android device one needs to:
    - uncheck the Google Play Services apps verification (enabled by default)
    - enable installation from unknown sources (disabled by default)
    - unlock bootloader or use another exploit to root phone
    - allow all the permissions by the malware app
    - install said app

    Looks like getting malware on an iOS device takes fewer steps. All in the name of customiz-ability (sic!), which is possible in Android without any of these mentioned steps, by default!
  • 0
    deadfish , August 14, 2014 6:24 PM
    Don't care... the guy losing the revenue should care... I don't.
  • -2
    ericburnby , August 14, 2014 6:51 PM
    Quote:
    To get something like that on an Android device one needs to:
    - uncheck the Google Play Services apps verification (enabled by default)
    - enable installation from unknown sources (disabled by default)
    - unlock bootloader or use another exploit to root phone
    - allow all the permissions by the malware app
    - install said app

    Looks like getting malware on an iOS device takes fewer steps. All in the name of customiz-ability (sic!), which is possible in Android without any of these mentioned steps, by default!

    Liar.

    iOS is more secure than Android. A simple fact that you apparently can't deal with.
  • 0
    vaughn2k , August 14, 2014 6:52 PM
    It's money against money... c'mon... ;)
  • -2
    inthere , August 15, 2014 2:43 AM
    Quote:
    Not possible... I've heard that iProducts don't get viruses etc.! Apparently, they just work....

    Not a single legit device got a virus, only the jailbroken ones. You're reaching.
  • 0
    virtualban , August 15, 2014 3:01 AM
    If jailbreaking was almost necessary to fully utilize the iOS, maybe fewer people would have done it.
  • 2
    therealduckofdeath , August 15, 2014 3:51 AM
    Quote:
    Not a single legit device got a virus, only the jailbroken ones. You're reaching.

    Somewhere between 2-6% of all iPhone users jailbreak their phones because iOS lacks so much functionality. Compare that to around 1% of Android users rooting their phones (which is a much simpler task if you feel the need for it).

    I'd say jailbroken iPhones are very legit iterations of iOS, seeing how common it is.
  • -1
    house70 , August 15, 2014 4:25 AM
    Quote:

    Liar.

    iOS is more secure than Android. A simple fact that you apparently can't deal with.


    Name-calling has always been the prerogative of the most educated. /s

    I was merely stating facts there. Apparently, the chip on your shoulder can be seen from the Moon.
    Maybe you should stick to being a cop in South Park.... Get it?

    LOL
  • 1
    ap3x , August 15, 2014 6:12 AM
    Quote:
    To get something like that on an Android device one needs to:
    - uncheck the Google Play Services apps verification (enabled by default)
    - enable installation from unknown sources (disabled by default)
    - unlock bootloader or use another exploit to root phone
    - allow all the permissions by the malware app
    - install said app

    Looks like getting malware on an iOS device takes fewer steps. All in the name of customiz-ability (sic!), which is possible in Android without any of these mentioned steps, by default!

    Lol, here we go again. You do realize that those steps you just described above are what jailbreaking actually does, right? It is the main reason that a lot of security-conscious people don't jailbreak, due to the risks involved. Same risks that you agree to when you make the changes you mentioned on your Android phone.

    Let's just ignore the fact that you don't have to do the above things to compromise an Android phone. You can download your malicious or unsecure app right on Google Play. Sweet!!
  • 0
    ap3x , August 15, 2014 6:30 AM
    Quote:
    To get something like that on an Android device one needs to:
    - uncheck the Google Play Services apps verification (enabled by default)
    - enable installation from unknown sources (disabled by default)
    - unlock bootloader or use another exploit to root phone
    - allow all the permissions by the malware app
    - install said app

    Looks like getting malware on an iOS device takes fewer steps. All in the name of customiz-ability (sic!), which is possible in Android without any of these mentioned steps, by default!

    Lol, here we go again. You do realize the steps you described above are exactly what jailbreaking does, right? This is one of the reasons why security-conscious users do not jailbreak or root their phones. It opens you up to an environment where applications that do not have to go through the same checks for security and functionality are able to be installed on your phone. Especially now that phones hold a large amount of very personal information, this is not a good thing to do.

    Let's ignore the fact that you can download a malicious or unsecure application right there on Google Play. Sweet!! Talk about ease of abuse.

    Quote:
    Quote:
    Not a single legit device got a virus, only the jailbroken ones. You're reaching.

    Somewhere between 2-6% of all iPhone users jailbreak their phones because iOS lacks so much functionality. Compare that to around 1% of Android users rooting their phones (which is a much simpler task if you feel the need for it).

    I'd say jailbroken iPhones are very legit iterations of iOS, seeing how common it is.

    You kind of stepped in something on this one. 2-6% of iOS devices jailbroken is a much smaller number than 1% of Android devices rooted, due to Android running on over 3997 different devices, many of which are running on dated versions of the OS with no ability to upgrade.

    http://opensignal.com/reports/fragmentation.php

    How is Google, or any Android device manufacturer for that matter, able to manage security effectively across apps and OS with that kind of fragmentation? Very difficult task.

    Stop waving flags and look at it realistically. It is only a freaken smart phone.
  • 0
    sunflier , August 15, 2014 12:09 PM
    Quote:
    ...it redirects the ad-click micropayment (a tiny fraction of a cent) that takes place every time a user of an infected device clicks on an ad in an app or on a website.


    Office Space.
    /and don't miss the mundane detail by placing the decimal in the wrong place.
  • 1
    ericburnby , August 15, 2014 7:11 PM
    Quote:
    Quote:

    Liar.

    iOS is more secure than Android. A simple fact that you apparently can't deal with.


    Name-calling has always been the prerogative of the most educated. /s

    I was merely stating facts there. Apparently, the chip on your shoulder can be seen from the Moon.
    Maybe you should stick to being a cop in South Park.... Get it?

    LOL


    Certain people deserve respect. Trolls like you who lie, don't.

    iOS has had hardware encryption since the 3GS. Android used software encryption, an inferior method if you're concerned about security. iOS is also FIPS certified, Android is not. There's a reason why iOS completely dominates Android in Enterprise or corporate use.

    Sorry to bring some real facts to this discussion.