October 25, 2019 at 3:30 pm #4880 UK Sentinel (Moderator)
Apple yanks 18 iOS store apps that sheltered advert-mashing malware
The iOS App Store is 18 applications lighter today after the software was caught harboring malware that secretly clicked on ads, signed up punters for premium services, or deliberately overloaded websites.
Apple on Thursday pulled the apps, all written by India-based AppAspect, after confirming they were being used for click-fraud, generating cash for miscreants. While these types of programs are not uncommon, and can occasionally slip past the Android and iOS app store filters, there’s a bit more to this story than your run-of-the-mill scamming operation.
The apps themselves are mostly productivity and news programs, many localized for users and services in India – think train timetables and such stuff. They are full and usable apps in their own right, so there is reason to believe the developer may not have known about the malicious activity lurking in its code.
According to the team at Wandera, which uncovered the malicious software and reported the apps to Apple, the programs connected to a command-and-control server to receive orders to carry out. Wandera counted only 17 apps to Apple’s 18, as one application appeared in two regions, and so was double counted by the iGiant, though it is essentially the same code.
The control server would send the apps commands to do things like load advertisements, open website windows in the background, or even change a device’s settings to subscribe it to expensive subscription services.
The existence of this machine has been known of for some time: it was associated with a previous takedown of apps from the same developer on Android.
“Additional research found that AppAspect’s Android apps had once been infected in the past and removed from the store. They have since been republished and don’t appear to have the malicious functionality embedded,” Wandera said.
“It’s unclear whether the bad code was added intentionally or unintentionally by the developer.”
It’s possible, then, that the code to connect to the click-fraud server, both on Android and later iOS, was slipped in by a rogue developer or another scumbag without AppAspect’s knowledge.
Full story can be sourced in below link.
In a completely sane world, madness is the only freedom (J.G.Ballard).