Apple Yanks 17 Malware-Laden iPhone Apps That Evaded App Store Review Process
Security researchers discovered 17 malicious iPhone apps that managed to get through Apple's review process and land on the App Store. The apps, which have now been removed, were infected with clicker trojan malware "designed to carry out ad fraud related tasks in the background," such as clicking on links and continuously opening webpages.
"The objective of most clicker trojans is to generate revenue for the attacker on a pay-per-click basis by inflating website traffic. They can also be used to drain the budget of a competitor by artificially inflating the balance owed to the ad network," researchers at security firm Wandera state in a blog post.
All of the apps came from the same developer, though they represented a wide range of uses, including a file manager, a GPS speedometer, a fitness app with Yoga poses, and a restaurant finder, to name just a few. Here is the full list of the 17 infected apps...
- RTO Vehicle Information
- EMI Calculator & Loan Planner
- File Manager – Documents
- Smart GPS Speedometer
- CrickOne – Live Cricket Scores
- Daily Fitness – Yoga Poses
- FM Radio – Internet Radio
- My Train Info – IRCTC & PNR (not listed under developer profile)
- Around Me Place Finder
- Easy Contacts Backup Manager
- Ramadan Times 2019
- Restaurant Finder – Find Food
- BMI Calculator – BMR Calc
- Dual Accounts
- Video Editor – Mute Video
- Islamic World – Qibla
- Smart Video Compressor
It seems the apps managed to evade Apple's review process because they did not contain any obvious code linked to malware. Instead, they communicated with a command and control (C&C) server "using a strong encryption cipher," which in turn instructed the apps to carry out fraudulent behavior.
Fortunately, Apple has removed the infected applications from the App Store. Apple also says it is taking further measures to prevent this sort of thing in the future, multiple outlets report.