Apple’s devices and App Store are generally considered more secure compared to competitors like Android or Windows. Apple has greater control and curation over the software it allows on the App Store, making malware much less common than on, say, Google Play. However, as the last few weeks have shown, even reputable-seeming, frequently downloaded apps can secretly be malware—yes, even on Apple platforms.
Most recently, security researcher Alex Kleber discovered seven malware apps hiding in plain sight on the Mac App Store. According to the App Store listings, all seven apps were made by separate publishers, but Kleber discovered they were actually made by a single group based in China.
The apps in question include:
PDF Reader for Adobe PDF Files (Sunnet Technology Inc.)
Word Writer Pro (Netozo Limited)
Screen Recorder (Safeharbor Technology L Ltd.)
Webcam Expert (Wildfire Technology Inc.)
Streaming Browser Video Player (Boulevard Technology Ltd.)
PDF Editor for Adobe Files (Polarnet Limited)
PDF Reader (Xu Lu, apparently associated with Sunnet Technology Inc.)
While Apple has scrubbed these apps from the macOS App Store, they won’t be removed from any devices that downloaded them. If you have any of these apps on your Mac, delete them as soon as possible.
All of these apps ranked among the top 100 most-downloaded apps in the U.S. App Store. Some climbed into the top 10, and PDF Reader for Adobe PDF Files ranked number 1 in the Education category.
Uploading malware to Apple’s App Store is difficult, but clearly not impossible. The developers behind the seven malware apps submitted “benign” versions of apps that hid dangerous code in their encrypted databases. Once an app passed certification and was available on the App Store, it essentially “morphed” and activated the hidden malware. Many Android malware apps use a similar strategy to circumvent the Play Store’s security checks.
Apple removed all seven apps following Kleber’s disclosure, but their existence shows how easy it is for malware to appear anywhere, even on seemingly secure platforms like Apple’s App Store.
In fact, last week MacRumors reported on a high-ranking third-party Facebook Ad management app that was stealing user data, taking over their accounts, and using the account owner’s ad budget to promote ads for the malicious app developer’s software. Apple also removed the unnamed fraudulent app from the iOS App Store, but it apparently racked up over 250,000 downloads before it was disabled.
While you’re safe from this recently-identified App Store malware, let this serve as a warning against downloading unknown apps from any platform. No platform is completely safe, and if fake apps can climb the rankings like this, it’s likely there’s other malware hiding on the App Store right now.
Malicious app developers go to great lengths to appear legitimate. Some apps will imitate, or outright steal, the interfaces and features of other software. They will normally work as intended, too, while hiding scams or invasive data-stealing functions. These intrusive features usually—though not always—require high privilege permissions that are unrelated to the app’s advertised use.
Many hackers even create fake companies, including fake websites and privacy policies (which are requirements for submitting an app to Apple). We’ve seen other fraudulent apps use fake privacy policies on the App Store, but they’re easy to spot if you look closely. Many appear on random domains unrelated to the app or its publisher—the seven apps found by Kleber all used a single GoDaddy domain, for example. Similarly, the apps will often feature suspiciously high ratings and glowing user reviews, which is why it’s important to read more than just the highest-rated or top-listed user comments.
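The two privacy-policy checks described above (one domain shared by supposedly separate publishers, and a domain unrelated to the app or its publisher), as an added example that is not from the original article. App and publisher names come from the article; every URL, the fourth listing, and the function names are constructed placeholders.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample. Names of the first three listings are from the article;
# the URLs are placeholders, since the article does not give the real domain.
LISTINGS = [
    ("PDF Reader for Adobe PDF Files", "Sunnet Technology Inc.",
     "https://shared-policies.example/sunnet/privacy.html"),
    ("Word Writer Pro", "Netozo Limited",
     "https://shared-policies.example/netozo/privacy.html"),
    ("Screen Recorder", "Safeharbor Technology L Ltd.",
     "https://shared-policies.example/safeharbor/privacy.html"),
    ("Hypothetical Notes", "Acme Notes LLC",  # invented benign control
     "https://www.acmenotes.example/privacy"),
]

# Company-form words that say nothing about who owns a domain.
GENERIC = {"inc", "ltd", "limited", "llc", "technology", "corp"}

def policy_host(url):
    """Lower-cased hostname of a privacy-policy URL, without a leading www."""
    host = (urlsplit(url).hostname or "").lower()
    return host[4:] if host.startswith("www.") else host

def name_tokens(name):
    """Distinctive words (3+ characters) from an app or publisher name."""
    words = re.findall(r"[a-z0-9]+", name.lower())
    return {w for w in words if len(w) > 2 and w not in GENERIC}

def review(listings):
    """Return (app, host, reasons) for listings that trip either heuristic."""
    publishers_by_host = defaultdict(set)
    for _app, publisher, url in listings:
        publishers_by_host[policy_host(url)].add(publisher)
    findings = []
    for app, publisher, url in listings:
        host, reasons = policy_host(url), []
        shared = len(publishers_by_host[host])
        if shared > 1:
            reasons.append("policy host shared by %d publishers" % shared)
        # Substring match is a rough heuristic; short words can match by chance.
        if not any(t in host for t in name_tokens(app) | name_tokens(publisher)):
            reasons.append("policy host unrelated to app or publisher name")
        if reasons:
            findings.append((app, host, reasons))
    return findings

if __name__ == "__main__":
    for app, host, reasons in review(LISTINGS):
        print(app, "|", host, "|", "; ".join(reasons))
```

A hit from either check is a prompt for manual review of the listing, not proof that an app is malicious.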
Still, even if you’re hyper-vigilant, the best way to keep yourself and your devices safe is to only download well-known apps from trusted publishers.
[Mac Observer]