VIRUS BULLETIN www.virusbtn.com
JULY 2014
Covering the global threat landscape
INSIDE THE IOS/ADTHIEF MALWARE
Axelle Apvrille
Fortinet, France
Surprisingly (or maybe not), iOS malware isn’t very
common. At the end of 2013, there were only four different
families (Ikee, FindCall, Toires and Trapsms) as well as a
dozen families of adware or spyware [1]. Ikee and Trapsms
require jailbroken devices, whereas FindCall and Toires work
on any device.
Thus, the discovery of new iOS malware is generally pretty
hot news for an anti-virus analyst. In March 2014, Claud
Xiao discovered iOS/AdThief, a.k.a. Spad, a piece of
malware which hijacks advertisement revenues and redirects
them to the attacker.
However, very little information was published at the time,
and the little that was published [2, 3] was difficult to
understand (even for technical readers). This paper attempts
to provide a clear description of the virus. In doing so, it also
provides some tips for reversing iOS malware, and a few n