Over 75,000 Jailbroken iOS Devices are Infected by AdThief Malware


Security researcher Axelle Apvrille has revealed in a recent research paper published on Virus Bulletin that AdThief malware, which was first discovered back in March and also referred to as “Spad”, is hijacking ad revenue out of over 75,000 jailbroken iOS devices. The malware was created by a Chinese hacker and comes disguised as a Cydia substrate extension, that installs itself when certain Cydia packages are downloaded.


The report notes that the AdThief malware has hijacked revenues from millions of ads by swapping the publisher ID with the attacker’s own ID as ad revenue is generated every time an infected user clicks on an ad while surfing the website. The researcher further claims that the malware’s targeted networks include Google-owned AdMob and Google Mobile Ads, besides 13 other ad networks via ad kits.

“iOS/AdThief is a technical and malicious piece of code which hijacks revenue from 15 different adkits. It is built on top of the Cydia Substrate platform, available for jailbroken devices, which provides it with an easy way to modify advertisement SDKs. With Substrate, the malware needs only to focus on the call and implementation of each hook.

At first, the identification of every adkit the malware targets was difficult because the code mentions only class names used by each adkit SDK. However, the fact that the malware author did not strip out debugging information helped us to identify all 15 adkits. In particular, this is how support for Komli Mobile and GuoHeAD was detected.”

There are an estimated 22 million hijacked ads, so the malware has probably generated significant revenue for the owners.


  • Nick

    How do we remove this if it’s installed?

  • iFone

    Seriously, if you’re so desperate to be free to run any application and mod your phone (and in the process be vulnerable to malware), just go buy an Android. Seriously. You will be better off that way.

  • ????Dennis

    Can’t believe people are still jailbreaking their iPhone. I did back in the day with the OG iPhone but cmon those days have passed…

    Apple’s closed system is safe and there’s no need for SBS settings anymore. Don’t let these fools hijack your device.

  • ????Dennis

    Simple. Restore your iPhone to factory settings through iTunes. If you must jailbreak your device, be diligent and install only known safe packages from Cydia.

  • f1ght3r

    Android has 1000x more malware than what’s available on a jailbroken ios device.

  • Jay

    Dont be so ignorrant towards the benefits of jailbreaking, just because you settled for the factory default prison doesnt mean we all should -_-
    There are still at least 25 tweaks that I cannot live without, and although apple is slowly copying them into iOS 8 its still lacking quite a bit of basic functionality

  • bored

    not everyone likes to live in the walled garden of apples – while sb settings finally (after 3 ios versions?) got added to ios there are a lot of other useful tweaks people enjoy.

  • ????Dennis

    Relax Jay… The fact that I don’t see the need to jailbreak and possibly getting my phone hijacked, is not being ignorant. It’s putting importance over on my privacy rather than what my springboard looks like. Get out of your mothers basement and get some fresh air, summer isn’t over yet.

  • Jay

    OMG what a huge security flaw…. it replaces the ads (that are blocked and I dont see anyways thanks to a tweak) with other ads that I dont see anyways. I havent really tweaked my springboard, except for the ability to put folders in folders. Your mothers basement comment is equally ignorant -_-