Researchers have discovered 17 malicious applications on the Apple App Store which are all infected with clicker trojan malware.
The threat research team at Wandera found that the applications have been designed to conduct fraud-related tasks in the background, such as clicking links without any user interaction, in order to generate revenue for the attacker.
In a blog post, the firm explains that the “Clicker Trojan is a well-understood class of malware that performs ad-fraud by making frequent connections to ad networks or websites in order to artificially inflate visitor counts or to generate revenue on a pay-per-click basis.”
The 17 apps cover a range of application categories including productivity, travel and platform utilities. All of the infected apps have the same developer, AppAspect Technologies Pvt. Ltd.
Of the apps published by the developer, 17 were found to have the malicious clicker functionality and to communicate with the same command-and-control (C&C) server – which utilises strong encryption to avoid being identified.
The C&C allows malicious apps to bypass security checks as it activates a communication channel directly with the attacker – not within Apple’s view. The channels can be used to distribute ads, commands and payloads.
“We believe these apps bypassed the Apple vetting process because the developer didn’t put any ‘bad’ code directly into the app. Instead, the app was configured to obtain commands and additional payloads directly from the C&C server, which is outside of Apple’s review purview,” said Michael Covington, VP of product strategy at Wandera.
Prior to releasing this research, the research team notified Apple, which swiftly removed the apps from the Apple store.
“This discovery is the latest in a series of bad apps being surfaced on an official mobile app store and another proof point that malware does impact the iOS ecosystem. Mobile malware is still one of the less frequently seen threats in the wild, but we are seeing it used more in targeted attack scenarios. Techniques like those used in this example also point to more instances of malware being introduced into official app sources, making it more accessible to everyday consumers and mobile workers alike,” wrote Wandera.
“We recommend taking some extra time to research an app before downloading it. Start with looking at the app reviews and be mindful that many developers pay for fake reviews, so read through them and look for bad experiences that are consistently referenced or ‘liked’ by other users,” said Covington.
The post #Privacy: Malicious iPhone apps removed from the Apple App Store appeared first on PrivSec Report.