“A number of apps in the Mac App Store have been found to be stealing data from its users, acquiring sensitive information and sending it to the developer, including one app which was the top paid utility available in the store before its removal,” Malcolm Owen reports for AppleInsider. “The biggest app of the list is Adware Doctor, which topped the chart for paid utilities in the Mac App Store, before being removed after the reports about it first emerged on Friday.”
“A second app, Open Any Files, takes over a system’s ability to handle documents that are not associated with an existing app, using the opportunity to advertise other apps that supposedly could open files. Aside from the extra affiliate-based behavior, the app was also found to have similar characteristics to Adware Doctor, in acquiring the browsing and search history of Safari, Chrome, and Firefox, as well as the App Store,” Owen reports. “While the app was reported to Apple in December 2017, it is still available to download from the Mac App Store.”
“Dr. Antivirus, discovered through Open Any Files, performs similar data collection but with limitations, restricted by macOS. The same data was collected and exfiltrated, but with the addition of a file detailing metadata of every application installed on the Mac,” Owen reports. “The same developer created Dr. Cleaner, which again collected data from the user’s Mac and sent it to a specific address.”
“The discoveries of the malware calls into question the safety of apps available from the Mac App Store, and Apple’s ability to make sure they are safe before making them available to purchase or download,” Owen reports. “According to Malwarebytes, the company has reported such instances of malware to Apple for “years,” with barely any immediate actions undertaken to remove the offending apps.”
Read more in the full article here.
MacDailyNews Take: Apple’s Mac App Store needs a real Dr. Cleaner.
Paging Dr. Schiller, Dr. Phil Schiller…
No. 1 paid utility in Mac App Store, Adware Doctor, steals browser history and sends it to servers in China – September 7, 2018