Researchers have found 17 iOS apps, all by one India-based app developer called AppAspect Technologies Pvt Ltd, which were infected by clicker trojan malware. Apple has removed the apps from the App Store.
Researchers have found 17 iOS apps, all by one India-based app developer called AppAspect Technologies Pvt Ltd, which were infected by clicker trojan malware. The apps have all been taken down by Apple from the App Store, but users who still have any of these apps on their iPhone should delete them given the security risk that they pose.
The results were revealed in a new research done at Wandera cybersecurity firm. These apps infected with clicker trojan malware are as follows: RTO Vehicle Information, EMI Calculator & Loan Planner, File Manager – Documents, Smart GPS Speedometer, CrickOne – Live Cricket Scores, Daily Fitness – Yoga Poses, FM Radio – Internet Radio, My Train Info – IRCTC & PNR (not listed under developer profile), Around Me Place Finder, Easy Contacts Backup Manager, Ramadan Times 2019, Restaurant Finder – Find Food, BMI Calculator – BMR Calc, Dual Accounts, Video Editor – Mute Video, Islamic World – Qibla and Smart Video Compressor.
Keep in mind the My Train Info – IRCTC & PNR is not the official IRCTC app. There’s no official iOS version of the app. Given the names of the apps, it looks like these were mostly targeted at users based in India.
According to the report, “the apps would communicate with a known command and control (C&C) server to simulate user interactions in order to fraudulently collect ad revenue.” The clicker trojan module in the apps is designed to carry out ad fraud-related tasks in the background, notes the report. The tasks include continuously opening web pages or clicking links without any user interaction.
The objective is to generate revenue for the attacker on a pay-per-click basis. The report also revealed that the app developer has a total of 51 apps published on the App Store. “We tested all of the free iTunes Applications of the developer and the results show that 17 out of the 35 free applications are all infected with the same malicious clicker functionality and are communicating with the same C&C server,” notes the report.
Apple “rigorously patrols the App Store to protect customers and to detect apps that may be trying to scam customers”. As per sources, when Apple suspects apps are not acting in conformance with its guidelines, they are immediately investigated, followed by action which might include removal from the Store. In this case, the sources added, 18 apps were removed but no Trojan malware was found. The apps apparently had code that allows for the artificial click-through of ads which is a violation of our guidelines.
As the report points out, the bad apps were able to bypass security checks because it activates a communication channel directly with the attacker and this is not within Apple’s view. Wandera also notified Apple’s team of the malware on all the apps, following which Apple has taken down all the compromised apps, except for two.
These are My Train Info – IRCTC & PNR and Easy Contacts Backup Manager. However, searching for the My Train Info – IRCTC & PNR app on the store does not reveal any results, which means the app could have been removed.
The results were revealed in a new research done at Wandera cybersecurity firm. These apps infected with clicker trojan malware are as follows: RTO Vehicle Information, EMI Calculator & Loan Planner, File Manager – Documents, Smart GPS Speedometer, CrickOne – Live Cricket Scores, Daily Fitness – Yoga Poses, FM Radio – Internet Radio, My Train Info – IRCTC & PNR (not listed under developer profile), Around Me Place Finder, Easy Contacts Backup Manager, Ramadan Times 2019, Restaurant Finder – Find Food, BMI Calculator – BMR Calc, Dual Accounts, Video Editor – Mute Video, Islamic World – Qibla and Smart Video Compressor.
Keep in mind the My Train Info – IRCTC & PNR is not the official IRCTC app. There’s no official iOS version of the app. Given the names of the apps, it looks like these were mostly targeted at users based in India.
According to the report, “the apps would communicate with a known command and control (C&C) server to simulate user interactions in order to fraudulently collect ad revenue.” The clicker trojan module in the apps is designed to carry out ad fraud-related tasks in the background, notes the report. The tasks include continuously opening web pages or clicking links without any user interaction.
The objective is to generate revenue for the attacker on a pay-per-click basis. The report also revealed that the app developer has a total of 51 apps published on the App Store. “We tested all of the free iTunes Applications of the developer and the results show that 17 out of the 35 free applications are all infected with the same malicious clicker functionality and are communicating with the same C&C server,” notes the report.
Apple “rigorously patrols the App Store to protect customers and to detect apps that may be trying to scam customers”. As per sources, when Apple suspects apps are not acting in conformance with its guidelines, they are immediately investigated, followed by action which might include removal from the Store. In this case, the sources added, 18 apps were removed but no Trojan malware was found. The apps apparently had code that allows for the artificial click-through of ads which is a violation of our guidelines.
As the report points out, the bad apps were able to bypass security checks because it activates a communication channel directly with the attacker and this is not within Apple’s view. Wandera also notified Apple’s team of the malware on all the apps, following which Apple has taken down all the compromised apps, except for two.
These are My Train Info – IRCTC & PNR and Easy Contacts Backup Manager. However, searching for the My Train Info – IRCTC & PNR app on the store does not reveal any results, which means the app could have been removed.