75,000 Jailbroken iPhones, iPads Hit by Chinese Malware

Owners of iPhones and iPads who jailbreak their devices generally understand that they're losing Apple's security protections, but that message hasn't really hit home until now. Two security researchers have documented that iOS malware called AdThief may have infected more than 75,000 jailbroken iDevices and stolen revenue from more than 22 million online ads.

Axelle Apvrille, a French researcher for Sunnyvale, Calif.-based information-security firm Fortinet, has just published a paper about AdThief (PDF) in Virus Bulletin, a British-based online magazine that tracks information about online safety. (Apvrille's paper is dated July 2, but was posted Aug. 12.)

Her paper builds on earlier work by Chinese researcher Claud Xiao, who discovered AdThief in March. Because his initial publications on the matter were very technical, Apvrille has attempted to clarify the situation.

The good news for users of jailbroken iOS devices is that AdThief doesn't directly target them. Instead, it redirects the ad-click micropayment (a tiny fraction of a cent) that takes place every time a user of an infected device clicks on an ad in an app or on a website. The ad revenue goes not to the legitimate recipients, but to a malefactor — possibly a Chinese hacker who wrote significant chunks of the code.

As for how AdThief spreads, the vector of infection is not crystal-clear, but AdThief appears to require the presence of Cydia, a widely used platform for jailbroken iDevices that allows and manages installation of apps from outside the iTunes App Store. Cydia is often automatically installed during the jailbreaking process.

Most of the ad networks targeted by AdThief are Chinese, but four are based in the United States, including Google's AdMob, and two in India. As long as a phone is jailbroken and has Cydia installed, the malware may have a way to get in. It's not clear whether changing the iOS root password from the default "alpine" will block the infection.

If you've been infected with AdThief, getting rid of it is not easy, as it compromises at least 15 prominent ad kits. Security software for jailbroken iDevices is not exactly common, so your best recourse may be to restore your iPhone to factory settings and, at least temporarily, give up the jailbreak.

Doing so won't be as sexy as access to unauthorized app stores, but it also means that you won't be funding online criminals who, sooner or later, may turn their sights to users rather than advertisers.

Marshall Honorof is a Staff Writer for Tom's Guide. Contact him at mhonorof@tomsguide.com.

Comments from the forums
  • jasonelmore
    Well, I'm not gonna lose my jailbreak so the proper ad agency gets paid. They are gonna have to do more than that, lol.
  • d_kuhn
    Revenue from 22 million online ads redirected... let me figure how much that is... let's see... divide by 9... carry the two... so that turns out to be about four dollars and sixty-five cents. Don't spend it all in one place, dude.
  • iKon007
    Not possible... I've heard that iProducts don't get viruses, etc.! Apparently, they just work....