Tutorial Remove AdThief Malware On Jailbroken Devices

Recently AdThief, a malware was infecting about 75,000 jailbroken iOS devices so far. This is an iOS malware that is only found in jailbroken devices, it hijacks advertisement revenues and redirects them to the attacker.

AdThief was created by a Chinese hacker. This malware basically stealing ad revenue from publishers and generating ad revenue for the malware creator by replace the publisher ID of publishers, targeting ad networks such as  Google-owned AdMob, Google Mobile Ads, AdWhirl, MdotM, and MobClick, the remaining targeted ad networks were all from China or India. It won’t steal your personal information and hurt the user directly.

Remove Adthief Malware

Here i would like to show a way to check if your device has been effected, then you can delete it manually.

Find And Remove AdThief

Download ifunbox and installed, then connected to iOS devices by cable.

Navigate to “/Library/MobileSubstrate/DynamicLibraries” folder, check whether the folder got below mentioned adware files. Delete it if found.

  • spad.dylib
  • spad.plist
  • libgad.dylib

iFunbox application

Navigate to “/usr/lib” folder, if found “libgad.dylib” file then delete it.

Navigate to “/usr/bin” folder, if found “sad” folder then delete it.

Navigate to “/var” folder, if found “sad” folder then delete it.

Your jailbroken iOS devices comfirm was not infected by AdThief malware it you can’t find the files listed above. We recommend that Jailbreak users avoid download pirated tweaks from pirated repos or shady repos in Cydia, always careful about what repositories they add and what package they download.