New iOS malware use Cydia Substrate to steal advertisement promotion fee 黑客技术

      Comments Off on New iOS malware use Cydia Substrate to steal advertisement promotion fee 黑客技术

This dynamic library, named “spad. dylib”, was found under the listing /Library/MobileSubstrate/DynamicLibraries/. It’s configured to be injected to all functions which use the com. apple.

UIKit framework. It uses Cydia Substrate’s API to hook a lot of everyday commercial SDKs’ code in all functions which use these SDK to popup advertisement or get statistics of its installing. The sample will modify the developer ID or “advertising ID”, “refer ID”, “Publisher ID”, “Ad id” to a couple exact hard coded values. We trust these IDs are belongs to the writer of this sample. By substitute these IDs in other purposes, all extra advertisements displayed in these functions might be counted as promoted by this author.

Thus he gets associated promoting fee which should been initially paid to the purposes’ real builders.

See also  Social Media Archives Intro to Digital