Apple’s devices and the App Store are generally considered more secure compared to competitors such as Android or Windows. Apple has greater control and curation over the software it allows on the App Store, making malware much less common than on Google Play, for example. However, as the last few weeks have shown, even legitimate-looking, frequently downloaded apps can be stealthy malware – yes, even on Apple platforms.
Most recently, security researcher Alex Kleber detected seven malware apps hiding in plain sight in the Mac App Store. All seven apps appeared to be made by different publishers according to the App Store listings, but Kleber discovered that they were actually made by a single group based in China.
The apps in question include:
- PDF reader for Adobe PDF files (Sunnet Technology Inc.)
- Word Writer Pro (Netozo Limited)
- Screen Recorder (Safeharbor Technology L Ltd.)
- Webcam Expert (Wildfire Technology Inc.)
- Streaming browser video player (Boulevard Technology Ltd.)
- PDF Editor for Adobe Files (Polarnet Limited)
- PDF Reader (Xu Lu, apparently affiliated with Sunnet Technology Inc.)
Although Apple has removed these apps from the macOS App Store, they are not removed from devices that have downloaded them. If you have any of these apps on your Mac, delete them as soon as possible.
All of these apps were among the top 100 most downloaded apps in the US App Store rankings, some of which climbed into the top 10, and PDF Reader for Adobe PDF files ranked #1 in the Education category.
Uploading malware to Apple’s App Store is difficult, but clearly not impossible. The developers behind the seven malware apps submitted “benign” versions of apps that hid malicious code in their encrypted database. After the app passed certification and became available on the App Store, it essentially “morphed” and activated the hidden malware. Many Android malware apps use a similar strategy to bypass Play Store security checks.
Apple removed all seven apps following Kleber’s disclosure, but their existence shows how easily malware can show up anywhere, even on seemingly safe platforms like Apple’s App Store.
As a matter of fact, MacRumors reported last week on a top-tier third-party Facebook ad management app that stole user data, took over their accounts and used the account holder’s advertising budget to promote ads for the malicious app developer’s software. Apple also removed the unnamed rogue app from the iOS App Store, but it apparently amassed over 250,000 downloads before it was disabled.
While you are safe from this recently identified App Store malware, this should serve as a warning against downloading unknown apps from any platform. No platform is completely secure, and if fake apps can climb the rankings like this, other malware is probably hiding in the App Store right now.
Malicious app developers go to great lengths to appear legitimate. Some apps imitate or directly steal the interfaces and functions of other software. They also usually work as intended while hiding scams or invasive data stealing features. These intrusive features usually – although not always – require high-privilege permissions unrelated to the advertised use of the app.
Many hackers even create fake companies, including fake websites and privacy policies (which are prerequisites for submitting an app to Apple). We’ve seen other rogue apps on the App Store using fake privacy policies, but they’re easy to spot if you look closely. Many appear on random domains unrelated to the app or its publisher; for example, the seven apps Kleber found all used a single GoDaddy domain. Similarly, the apps often boast suspiciously high ratings and rave user reviews, which is why it’s important to read more than just the top-rated or top-ranked user comments.
But even if you are extremely vigilant, the best way to protect yourself and your devices is to only download known apps from trusted publishers.
[Mac Observer]