Apple store apps are not all safe: Malwarebytes, Tripwire

News by Doug Olenick

Apple has more rotten apps in its App Store than many people may realise and the company is not always quick to act in removing titles that have been proven malicious, according to two new reports.

Apple has more rotten apps in its App Store than many people may realise and the company is not always quick to act in removing titles that have been proven malicious, according to two new reports.

Malwarebytes and Tripwire both pointed out Apple and its purportedly safe app store have had issues of late with malicious apps managing to hop over its "walled garden" with some remaining available even after they are pointed out to Apple.

The two security firms specifically pointed out Adware Doctor as one example, with Malwarebytes adding the apps Open Any Files: RAR Support, Dr. Antivirus and Dr. Cleaner were found still available and in the store and exfiltrating a wide variety of user data in addition to minimally doing their advertised job.

"It’s blindingly obvious at this point that the Mac App Store is not the safe haven of reputable software that Apple wants it to be. I’ve been saying this for several years now, as we’ve been detecting junk software in the App Store for almost as long as I’ve been at Malwarebytes. This is not new information, but these issues reveal a depth to the problem that most people are unaware of," said Malwarebytes researcher Thomas Reed.

Tripwire’s Graham Cluley concurred noting "Mac users should take just as much care as their PC and Android-running cousins when it comes to choosing what software to install on their computers." He also pointed out that just because an app like Adware Doctor, which costs US$ 4.99 (£3.84) and is a popular download, does not mean it is secure. A high download rate or user rating can sometimes be created by the malicious actors.

Reed said his company reported Adware Doctor to Apple in December 2017 and Cluley said it remained available until 7 September, 2018 when the app’s problems were made public by Patrick Wardle

Malwarebytes and Tripwire found Adware Doctor removed Safari history, Chrome history, Firefox history, a list of all running processes and a list of software that you have downloaded and from where. All without informing the device owner and for no real good reason as the apps did not need this information to carry out their designed and advertised tasks.

The other apps listed by Malwarebytes all appear to be created and posted by the same individuals as they all shared certain traits.

Open Any Files: RAR Support is mainly used to hijack a device by appearing when the device attempts to open a file without the appropriate app. The pop up tells the user they can’t open the file due to malware and then offers a link to a supposed security product, usually the aforementioned Dr. Antivirus. If the victim clicks the link it pulls much the same data as Adware Doctor.

Dr. Antivirus, in turn, pulls much the same data as the previous two apps, with the addition of listing every app found on the device and then it uploads the information to the same URL as Open Any files

Finally, Dr. Cleaner also collected the same data and Malwarebytes found, through the WHOIS record, the drcleaner website domain is owned by someone living in China.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews