Apple iPhone users yesterday were warned to check their devices against a list of malicious apps disclosed in a report from security company Wandera. Apple has now confirmed the removal of these apps and says App Store security tools have updated to detect similar apps.
Seventeen malicious iPhone apps have been removed from the Apple App Store after being found to click on adverts secretly, generating income for cyber criminals.
Uncovered by researchers at security company Wandera, the 17 applications cover a range of categories including productivity, platform utilities, and travel. All 17 were found to be communicating with the same command-and-control server, which uses strong encryption in an effort to hide investigation into the malicious activity.
“We believe these apps bypassed the Apple vetting process because the developer didn’t put any ‘bad’ code directly into the app. Instead, the app was configured to obtain commands and additional payloads directly from the C&C server, which is outside of Apple’s review purview,” said Michael Covington, VP of product strategy at Wandera.
In an email to ZDNet, Apple confirmed that the offending applications have been removed from the App Store and that security tools have been updated to detect similar apps being uploaded in future.
MacDailyNews Take: This sort of patch-and-repair for the Walled Garden, making it stronger, is a Good Thing™ for all of us in the long run!
Does this undermine the argument that only Apple can keep the sheep inside the iOS pen safe?
Does iOS truly offer better security than the Mac? Where’s the proof?
Don’t you just love headlines and articles that say “These 17 apps” and don’t list them? Screw watching the video, list it dammit.
So how many other apps did Apple approve that will later be determined to be malicious. Kind of gives pause to Apple’s claim to fame. SECURITY
For Christ sake, even the ZDNet article does not indicate which apps. Don’t click the video either as it’s simply some guy yammering on about tracking.
Here is the Wandera article where you’ll find which are the offending apps.
https://www.wandera.com/mobile-security/ios-trojan-malware/
MDN posted the list in yesterdays post on this subject.