Apple confirmed that it had to remove a total of 17 malicious apps from the App Store. All of them went through the approval process.

A total of 17 apps from a single developer have been removed from the App Store. They fell into various categories, including a restaurant search engine, a BMI calculator, an internet radio and many others.

The malicious apps were discovered by Wandera, a company that deals with security on mobile platforms.

A so-called clicker trojan was discovered in the applications, i.e. an internal module that takes care of repeatedly loading web pages in the background and clicking on specified links without the user's knowledge.

The goal of most of these Trojans is to generate website traffic. As such, they can be used to drain a competitor's advertising budget.

Although such a malicious application does not cause any major problems, it can often exhaust, for example, the mobile data plan or slow down the phone and drain its battery.

The damage on iOS is less than on Android

These apps easily avoid the approval process because they do not contain any malicious code themselves. They download it only after connecting to a remote server.

The Command & Control (C&C) server allows applications to bypass security checks, as communication is only established directly with the attacker. C&C channels can be used to spread advertisements (as with the iOS Clicker Trojan already mentioned) or files (infected images, documents and others). The C&C infrastructure uses the backdoor principle, where the attacker himself decides when to activate the vulnerability and execute the code. In case of detection, the attacker can hide the entire activity.

Apple has already responded and intends to modify the entire app approval process to catch these cases as well.

The same server is also used when attacking applications on the Android platform. Here, thanks to the greater openness of the system, it can do more damage.

The Android version allows the server to collect private information from the device, including configuration settings.

For example, one of the apps itself activated an expensive subscription in a helper app that it downloaded without the user's knowledge.

iOS tries to prevent this with a technique called sandboxing, which defines the space in which each application can operate. The system then checks every access request, and unless access is granted, the application has no other rights.

The deleted malicious apps came from the developer AppAspect Technologies:

  • RTO Vehicle Information
  • EMI Calculator & Loan Planner
  • File Manager - Documents
  • Smart GPS Speedometer
  • CrickOne - Live Cricket Scores
  • Daily Fitness - Yoga Poses
  • FM Radio PRO - Internet Radio
  • My Train Info - IRCTC & PNR
  • Around Me Place Finder
  • Easy Contacts Backup Manager
  • Ramadan Times 2019 Pro
  • Restaurant Finder - Find Food
  • BMT Calculator PRO – BMR Calc
  • Dual Accounts Pro
  • Video Editor - Mute Video
  • Islamic World PRO - Qibla
  • Smart Video Compressor