Apple iPhone users are being warned to check their devices against a list of malicious apps disclosed in a new report.
A new report from the research team at Wandera has identified 17 apps from one developer that load a malicious clicker trojan module on an iOS device.
The trojan focuses on ad fraud, but it also encrypts and sends data from the infected device to an external command and control server, raising the risk profile. Wandera told me that an even more worrying element of the trojan, one not included in the write-up, is a set of devious techniques to evade detection. The malware triggered only when loaded with an active SIM and left running for two days… “We were amazed with this one,” Wandera VP Michael Covington tells me ahead of the report’s release. “We’ve seen a couple of issues creep into the Apple App Store over the last few months — and it always seems to be the network element.” In his view, Apple misses the runtime element of an app’s behaviour when scanned before approval. “They don’t have a deep threat research expertise,” he explains, “but to find malicious network traffic, you have to watch live apps and see how they perform.”
What the Wandera team has seen is performance degradation, battery drain, heavy bandwidth use — one ad runs a video stream for more than five minutes, others contain large images… Wandera is in discussions with Apple, sharing its findings. But in the meantime the apps remains available for install. The good news is that deleting the apps appears to solve the problem, no remnants are left behind.
MacDailyNews Note: The list via Wandera’s report:
• RTO Vehicle Information
• EMI Calculator & Loan Planner
• File Manager – Documents
• Smart GPS Speedometer
• CrickOne – Live Cricket Scores
• Daily Fitness – Yoga Poses
• FM Radio PRO – Internet Radio
• My Train Info – IRCTC & PNR (not listed under developer profile)
• Around Me Place Finder
• Easy Contacts Backup Manager
• Ramadan Times 2019 Pro
• Restaurant Finder – Find Food
• BMI Calculator PRO – BMR Calc
• Dual Accounts Pro
• Video Editor – Mute Video
• Islamic World PRO – Qibla
• Smart Video Compressor
All 17 infected apps are published on the App Stores in various countries by the same developer, India-based AppAspect Technologies Pvt. Ltd.
The icons for the infected apps: