Great, Now There Is Malware in the Apple App Store Too

Apple devices and the App Store are generally considered more secure than competitors such as Android or Windows. Apple has better control and curation of the software it allows on the App Store, making malware far less common than on, say, Google Play. However, as the past few weeks have shown, even seemingly reputable and frequently downloaded apps can covertly be malware, even on Apple platforms.

More recently, Alex Kleber, a security researcher, discovered seven malicious apps lurking in the Mac App Store. Based on the App Store listings, all seven apps were created by different publishers, but Kleber found that they were actually created by the same group based in China.

The apps in question are:

  • PDF Reader for Adobe PDF files (Sunnet Technology Inc.)
  • Word Writer Pro (Netoso Limited)
  • Screen recorder (Safeharbor Technology L Ltd.)
  • Webcam Expert (Wildfire Technology Inc.)
  • Streaming Browser Video Player (Boulevard Technology Ltd.)
  • PDF Editor for Adobe Files (Polarnet Limited)
  • PDF Reader (Xu Lu, who appears to be affiliated with Sunnet Technology Inc.)

Although Apple has removed these apps from the macOS App Store, they will not be removed from any devices they were downloaded on. If you have any of these applications on your Mac, please uninstall them as soon as possible.

All of these apps made it into the top 100 most downloaded apps on the App Store in the US. Some climbed into the top 10, and PDF Reader for Adobe PDF Files took first place in the Education category.

Downloading malware from the Apple App Store is difficult, but not impossible. The developers of the seven malicious applications submitted “harmless” versions that hid dangerous code in their encrypted database. Once an app was certified and made available on the App Store, it essentially “transformed” and activated the hidden malware. Many malicious Android apps use a similar strategy to bypass Play Store security checks.

Apple removed all seven apps after Kleber’s disclosure, but their existence shows how easy it is for malware to appear anywhere, even on seemingly safe platforms like the Apple App Store.

In fact, last week MacRumors reported on a high-profile third-party Facebook ad management app that was stealing user data, hijacking their accounts, and using the account holder’s ad budget to promote ads for the malicious app developer’s software. Apple also removed the unnamed rogue app from the iOS App Store, but it appears to have been downloaded more than 250,000 times before it was disabled.

Even if you are safe from this newly identified App Store malware, let this serve as a warning against downloading unknown apps from any platform. No platform is completely secure, and if fake apps can climb the rankings, there is likely other malware lurking in the App Store right now.

Malicious app developers go out of their way to look legitimate. Some applications will mimic or completely steal the interfaces and features of other software. Typically, they will also work as intended, hiding scams or invasive data theft features. These intrusive features usually – though not always – require highly privileged permissions unrelated to the advertised use of the app.

Many hackers even create fake companies, including fake websites and privacy policies (which are required to submit an app to Apple). We’ve seen other rogue apps use fake App Store privacy policies, but they’re easy to spot if you look closely. Many of them appear on random domains not associated with the app or its publisher; for example, all seven apps found by Kleber used the same GoDaddy domain. Similarly, these apps often have suspiciously high ratings and rave reviews from users, so it’s important to read more than just the highest-rated or top-listed reviews.

However, even if you are very vigilant, the best way to keep yourself and your devices safe is to only download known apps from trusted publishers.
