While lately, it would seem that we've been pointing out malware-laden Android apps that should be uninstalled from an Android device
, some iOS apps are just as bad and need to be removed from an iPhone, iPad or iPod touch immediately. Mobile security firm Wandera has discovered
17 clickware apps in the Apple App Store. These contain malware designed to open web pages or click on ads in the background without interaction or knowledge on the part of the user. The motive is to generate revenue for the bad actor who gets paid every time an ad on his or her website is clicked on. Wandera also points out that it can be used to financially cripple a competitor by clicking on ads to hike the amount of money owed to an ad network.
The 17 apps are all from a variety of categories including productivity, platform utilities, and travel. They were found in various countries, listed in the App Store. All 17 were developed by AppAspect Technologies Pvt. Ltd, a company based in India. The apps use a C&C server (Command & Control) which is like having a backdoor placed inside an app. Through this channel, bad actors can distribute ads, send commands and even payloads. This is done through encrypted communications between the app and server. The developer has a total of 51 apps listed in Apple's iOS app storefront, 35 of them free. Of those 35, 17 communicate with the C&C server. They are:
- RTO Vehicle Information
- EMI Calculator & Loan Planner
- File Manager – Documents
- Smart GPS Speedometer
- CrickOne – Live Cricket Scores
- Daily Fitness – Yoga Poses
- FM Radio – Internet Radio
- My Train Info – IRCTC & PNR (not listed under developer profile)
- Around Me Place Finder
- Easy Contacts Backup Manager
- Ramadan Times 2019
- Restaurant Finder – Find Food
- BMI Calculator – BMR Calc
- Dual Accounts
- Video Editor – Mute Video
- Islamic World – Qibla
- Smart Video Compressor
Wandera notes that when its Threat Research team discovered the vulnerability, it automatically spoke with Apple, which removed 15 of the apps. The only two that remain listed in the App Store are My Train Info – IRCTC & PNR and Easy Contacts Backup Manager.
It should also be pointed out that the same developer has 28 apps listed in the Google Play Store, although none of them communicate with the C&C server. However, keep in mind that AppAspect Technologies has listed infected Android apps in the Google Play Store in the past and they were removed by Google. The apps were subsequently republished and are now apparently clean, according to Wandera.
If you have any of these apps on your iOS device, delete them immediately!
For those who believe that only Android apps get infected with malware, Wandera says, "This discovery is the latest in a series of bad apps being surfaced on an official mobile app store and another proof point that malware does impact the iOS ecosystem." The mobile security firm adds that "mobile malware is still one of the less frequently seen threats in the wild, but we are seeing it used more in targeted attack scenarios. Techniques like those used in this example also point to more instances of malware being introduced into official app sources, making it more accessible to everyday consumers and mobile workers alike."
If you have any of the above-listed apps on your iPhone, iPad or even iPod touch, you should uninstall them immediately. In the best-case scenario, these apps are opening websites, serving up ads and clicking on them in the background without requiring any interaction on your part. But this could help drain your battery and hog your phone's resources. And in the worst-case scenario, payloads could be deposited on your iPhone designed to steal your personal information like passwords and other private data.