Malware known as AdThief, which targets jailbroken Apple iPhones and iPads, has infected about 75,000 devices.
Although security researchers at Palo Alto Networks first revealed the malware, Fortinet provided additional details in a recent Virus Bulletin.
Using a Cydia Substrate extension, the malware, created by a Chinese hacker, hijacked revenue from 15 different adkits — including AdWhirl and Google Mobile — through an infected device. When a user views or clicks an ad, “the corresponding revenue goes to the attacker.”
The malware exploits Cydia Substrate's ability to modify existing processes. Using a provided API, the malware “hooks various advertisement functions and modifies the developer ID to match that of the attacker,” the advisory said.
Although iOS malware is uncommon and iOS/AdThief infection rates are low, the malware has hijacked 22 million ads and generated “significant revenue” for its attackers.