U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Cyber Crime

AdThief malware infected jailbroken Apple devices

Malware expert Axelle Apvrille explained how the iOS AdThief malware infected more than 75000 jailbroken iOS devices hijacking millions advertisements. More than 75,000 jailbroken iPhones have been infected by a Chinese malware which were used by cyber criminals to hijack nearly 22 million advertisements and steal revenue from developers on the iOS jailbreak community. The […]

AdThief malware infected jailbroken Apple devices

Malware expert Axelle Apvrille explained how the iOS AdThief malware infected more than 75000 jailbroken iOS devices hijacking millions advertisements.

More than 75,000 jailbroken iPhones have been infected by a Chinese malware which were used by cyber criminals to hijack nearly 22 million advertisements and steal revenue from developers on the iOS jailbreak community.

The AdThief malware, detected by virus prober Axelle Apvrille, relies on the Cydia Substrate extension that is present on jailbroken devices, the bad actors used it to hijack advertising bucks.

Apvrille identified a Chinese vxer Rover 12421 as author of the malware, the source code includes strings referring the path ‘/Users/Rover12421’ which allowed the expert to localize the coder.

The Chinese hacker is specialized in mobile platforms and claims to have written parts of the AdThief some time ago, but that a third party then improved its source code.

“The malware author forgot to strip out some debugging information – which is helpful (for us) for identifying the adkits it targets via their source fi lenames. It is also helpful for identifying the malware author. Indeed, the strings inside the malware show the following path: /Users/Rover12421/Library/Developer/Xcode/” said the expert.

The coder Rover 12421 admitted to have written the AdThief malware but denied any responsibility for its propagation, the guy ran a blog detailing various Android hacks, a Github and inactive Twitter account.

“We can assume that ‘Rover12421’ is the malware author. He maintains a blog (http://www.rover12421.com/) and works on Android hacks (some of which are hosted at https://github.com/rover12421). He also has a Twitter account  (@rover12421), although that is fairly inactive. On pediy.com forums, he is known as ‘zerofile’” said Apvrille.

Apvrille explained that advertiser identities were modified by the malware to redirect revenue to attackers.

“In other words, each time you view or click an ad on an infected device, the corresponding revenue goes to the attacker, and not to the developer or the legitimate affiliate,” “[AdThief] hooks various advertisement functions and modifies the developer ID (promotion ID) to match that of the attacker.” Apvrille (@cryptax) said.

Chinese malware redirect AdThief

The AdThief malware is targeting 15 mobile advertising kits worldwide, including popular Google Mobile Ads and Weibo, the malware authors have forgotten to remove identifying information from the source code making possible the identification of ad services hit.

The diffusion of AdThief malware is the demonstration that root/jailbreak devices is a risky behavior that exposes mobile users to serious risks.

For further details give a look to the paper “Inside the iOS/AdThief malware published by Apvrille.

Pierluigi Paganini

(Security Affairs –  AdThief, malware)