Owners of iPhones and iPads who jailbreak their devices generally understand that they're losing Apple's security protections, but that message hasn't really hit home until now. Two security researchers have documented that iOS malware called AdThief may have infected more than 75,000 jailbroken iDevices and stolen revenue from more than 22 million online ads.
Axelle Apvrille, a French researcher for Sunnyvale, Calif.-based information-security firm Fortinet, has just published a paper about AdThief (PDF) in Virus Bulletin, a British-based online magazine that tracks information about online safety. (Apvrille's paper is dated July 2, but was posted Aug. 12.)
Her paper builds on earlier work by Chinese researcher Claud Xiao, who discovered AdThief in March. Because his initial publications on the matter were very technical, Apvrille has attempted to clarify the situation.
The good news for users of jailbroken iOS devices is that AdThief doesn't directly target them. Instead, it redirects the ad-click micropayment (a tiny fraction of a cent) that takes place every time a user of an infected device clicks on an ad in an app or on a website. The ad revenue goes not to the legitimate recipients, but to a malefactor — possibly a Chinese hacker who wrote significant chunks of the code.
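As an added illustration (not code from the article or from Apvrille's paper), here is how an app developer or ad network could spot the kind of revenue redirection described above from their own request logs: the ad-click or impression is still reported, but the publisher ID attached to it is no longer the one the app registered. The log format, the app bundle names and every ID below are constructed for the example, and the assumption that the fraud shows up as a swapped publisher ID is mine, not a claim the article makes.

```python
"""Added example: flag ad-SDK requests whose publisher ID does not match the
ID the app registered. Constructed log format and IDs; the ID-swap signal
is an assumption about how ad-revenue redirection shows up in logs."""
import re
from collections import Counter

# Hypothetical registry of which publisher ID each app bundle is supposed to use.
EXPECTED_PUBLISHER = {
    "com.example.weather": "pub-1111",
    "com.example.notes": "pub-2222",
}

# Constructed sample of ad-request log lines: device, app bundle, publisher ID sent.
SAMPLE_LOG = """\
2014-08-12T10:00:01 device=dev-A app=com.example.weather pub=pub-1111 event=click
2014-08-12T10:00:05 device=dev-B app=com.example.weather pub=pub-9999 event=click
2014-08-12T10:00:09 device=dev-B app=com.example.notes pub=pub-9999 event=click
2014-08-12T10:00:12 device=dev-C app=com.example.notes pub=pub-2222 event=impression
2014-08-12T10:00:15 device=dev-B app=com.example.weather pub=pub-9999 event=impression
malformed line that should be skipped
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) device=(?P<device>\S+) app=(?P<app>\S+) "
    r"pub=(?P<pub>\S+) event=(?P<event>\S+)$"
)


def parse_line(line):
    """Return a dict for a well-formed log line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def find_redirected(log_text, expected=EXPECTED_PUBLISHER):
    """Return records whose publisher ID differs from the app's registered one.

    Apps not in the registry are skipped rather than flagged, so an unknown
    bundle does not create noise."""
    suspicious = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["app"] not in expected:
            continue
        if rec["pub"] != expected[rec["app"]]:
            suspicious.append(rec)
    return suspicious


def summarize(suspicious):
    """Count suspicious events per device and per foreign publisher ID, which
    is what you would want before contacting the ad network."""
    return {
        "devices": Counter(r["device"] for r in suspicious),
        "foreign_pubs": Counter(r["pub"] for r in suspicious),
    }


if __name__ == "__main__":
    hits = find_redirected(SAMPLE_LOG)
    for r in hits:
        print(f"{r['ts']} {r['device']} {r['app']}: "
              f"expected {EXPECTED_PUBLISHER[r['app']]}, saw {r['pub']}")
    summary = summarize(hits)
    print("devices:", dict(summary["devices"]))
    print("foreign publisher IDs:", dict(summary["foreign_pubs"]))
```

On the constructed sample, every flagged request comes from the same device and carries the same foreign publisher ID, which is the pattern a network would expect if one infected phone were diverting the revenue of several apps to a single account.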
As for how AdThief spreads, the vector of infection is not crystal-clear, but AdThief appears to require the presence of Cydia, a widely used platform for jailbroken iDevices that allows and manages installation of apps from outside the iTunes App Store. Cydia is often automatically installed during the jailbreaking process.
Most of the ad networks targeted by AdThief are Chinese, but four are based in the United States, including Google's AdMob, and two in India. As long as a phone is jailbroken and has Cydia installed, the malware may have a way to get in. It's not clear whether changing the iOS root password from the default "alpine" will block the infection.
If you've been infected with AdThief, getting rid of it is not easy, as it compromises at least 15 prominent adkits. Security software for jailbroken iDevices is not exactly common, so your best recourse may be to restore your iPhone to manufacturer settings and, at least temporarily, erase the jailbreak.
Doing so won't be as sexy as access to unauthorized app stores, but it also means that you won't be funding online criminals who, sooner or later, may turn their sights to users rather than advertisers.