Seventeen malicious iPhone apps have been removed from the Apple App Store after being found to click on adverts secretly, generating income for cyber criminals.
The applications — all from the same developer — were found conducting ad-fraud, by clicking links and continuously opening windows in the background without the user’s knowledge in order to generate revenue for the attacker.
While adware isn’t as intrusive as other forms of malware, it can cause issues for the device, such as slowing it down or draining the battery.
Uncovered by researchers at security company Wandera, the 17 applications cover a range of categories including productivity, platform utilities, and travel.
All 17 were found to be communicating with the same command-and-control server, which uses strong encryption in an effort to hide investigation into the malicious activity.
This C&C server delivers the payloads that provide the ad-fraud activity, and researchers suggest it’s by putting malicious code in an external source like this that has enabled the apps to bypass the App Store’s security measures.
“We believe these apps bypassed the Apple vetting process because the developer didn’t put any ‘bad’ code directly into the app.
Instead, the app was configured to obtain commands and additional payloads directly from the C&C server, which is outside of Apple’s review purview,” said Michael Covington, VP of product strategy at Wandera.
While all 17 of the malicious apps are produced by the same developer, it’s uncertain whether their malicious behaviour is intentional or not, as it’s possible the developer could have been compromised by a third-party source in the supply chain.
In total, the developer concerned has published 51 apps to the App Store.
While adware isn’t as intrusive as other forms of malware, it can cause issues for the device, such as slowing it down or draining the battery.
The company has started to remove malicious apps from the official store, although it is reported that a considerable number of users would have downloaded at least one of these apps.
After downloading and installing, the apps infect the target system with a Trojan developed to perform fraud and some other malicious activities related to background advertising.
“Out of the user’s view, web pages are opened and multiple links are clicked without user interaction,” the report mentions.
Ethical hacking experts claim that these kinds of malwares, known as ‘clicker Trojan’, were designed to generate advertising revenue, inflating traffic from some websites.
They also mention that this kind of malware can be used to remove some legitimate advertisements, causing them to reach a limit that leaves them offline.
Subsequently, a company spokesperson mentioned that the apps were removed from the App Store because they have a code that allows you to perform “artificial clicks”, a practice that goes against Apple’s policies.
“At Apple, we conduct rigorous audits to detect apps that take advantage of our users to perform any kind of fraud,” the spokesperson added.
Because Apple does not provide information about the number of downloads in the App Store, it is not possible to know the exact number of potentially affected users. However, if you use downloads in the Google Play Store as a reference, you can make a calculation to some extent correct.
“The number of downloads of the Android counterparts of these apps exceeds one million users, so affected iOS users could range from 800 thousand to one million”,” the specialists say.
According to ethical hacking specialists from the International Institute of Cyber Security (IICS), the 17 malware-infested apps were placed in the App Store by the same developer, identified as AppAspect Technologies Pvt, based in India.
This company has almost 30 apps in the Google Play Store, although apparently they don’t connect to the malicious server related to iOS app
