If you have downloaded any of these apps, it is best to uninstall them now.

Security researchers at Wandera found 17 iOS apps infected with a type of clickware. More precisely, the apps contained malicious code that opens web pages or background ads without the user having interacted with any content.

According to the publication, this type of software aims to generate revenue for the attacker, who is paid each time a user clicks on an ad in the apps. Wandera also points out that this can be used to financially hurt other advertisers, as certain companies may increase revenue without being properly tied to an advertising service (which must follow certain parameters to advertise app content).

The apps span a variety of categories, including productivity, utilities, and travel. All of them were developed by AppAspect Technologies Pvt. Ltd, a company based in India, but the apps were distributed worldwide. To circumvent Apple's security system, this software uses a command-and-control (C&C) server, which basically implements a backdoor in the apps.

This way, hackers can distribute ads, send commands, and even authorize payments. This is done through encrypted codes between the C&C server and the app. Overall, AppAspect has 51 apps listed on the App Store, 35 of which are free; of these, 17 communicate with the alternate server. They are:

All are available on the American App Store and only a few on the Brazilian App Store; still, anyone with a US account may have downloaded any of these apps, so beware. Wandera also said that upon discovering the vulnerability, it immediately contacted Apple, which in turn removed the apps.

Upon further investigation, Apple found that none of the software contained any Trojans, as suspected by Wandera. Instead, the software was removed because it included code that allowed artificial clicking on advertisements. A company spokesman confirmed the removal of the apps and said that App Store protection tools have been updated to detect similar apps from now on.

In addition, security researchers said that deleting these apps leaves no framework of any kind installed on the device; that is, by deleting them the user can be sure to be free of the malicious code.

It is also worth noting that the same developer has 28 Android apps listed on the Play Store, although none of them communicate with the C&C server; however, AppAspect has previously been notified by Google precisely for distributing apps infected with malicious code, which were removed from the store and then republished apparently without any kind of problem.

via Forbes