Apps are an important source of functions for smartphones, but also a source of problems. They are often the entry point for malware and other serious security issues. We have seen lately that Android is the most targeted and apparently most vulnerable mobile OS. But the truth is that iOS also has it’s own flaws and malicious apps. This time, Apple removed 17 apps on its Appstore after they were found with malware.
The apps were found by Wandera’s research team on the App Store with the clicker trojan malware. The trojan did not silently steal any data or pose a privacy risk to users, but it silently open web pages in the background or clicked on ads and other links without any user input. So while your data might have been safe, the trojan was silently draining the battery of your iPhone. Here’s a list of the apps found with malware and you should remove from your iPhone or iPad:
- RTO Automobile Data
- EMI Calculator & Mortgage Planner
- File Supervisor – Paperwork
- Good GPS Speedometer
- CrickOne – Dwell Cricket Scores
- Every day Health – Yoga Poses
- FM Radio PRO – Web Radio
- My Prepare Information – IRCTC & PNR
- Round Me Place Finder
- Simple Contacts Backup Handle
- Ramadan Occasions 2019 Professional
- Restaurant Finder – Discover Meals
- BMI Calculator PRO – BMR Calc
- Twin Accounts Professional
- Video Editor – Mute Video
- Islamic World PRO – Qibla
- Good Video Compressor
Although, Apple has already removed the apps from the Appstore, there are some people who had already downloaded them before the malware was found. So, it is those folks who should uninstall the malware-ridden apps now.
All the 17 apps were from a single developer, AppAspect Technologies. They all communicated witha control serverwhich helped them in simulating user interactions and click on ads. The developer also has 28 apps on the Google Play Store, though none of them were found infected with the same clicker trojan.
All the infected apps managed to bypass Apple’s various checks and app review process because the trojan code was not present in the apps themselves. Instead, the code was being sent to them from their control server which is not something that Apple checks for during its review process. Post this incident, Apple has said that it is looking into improving its app review process to detect such activities.