If you have any of these 17 dangerous apps on your phone, delete them right now

Mobile security company Wandera issued a report Thursday afternoon identifying 17 apps in Apple’s App Store infected with clicker Trojan malware, all of which are tied to the same India-based developer.

By Friday morning, Apple confirmed they’d been booted from the App Store.

Apple told at least one news outlet that 18 apps were removed following the report, but Wandera appears to believe that double-counts one of the apps, with the firm noting in its findings that its “initial list of infected apps included two instances of cricket score app ‘CrickOne’ that were hosted on different regional App Stores and contain distinct metadata.” Upon review, Wandera found that those apps use the same codebase.

This comes one day after we noted that another security company had uncovered the existence of some 42 adware-filled Android apps that racked up millions of downloads before Google kicked them off the Google Play Store.

From Wandera’s report, these are the 17 iOS apps the firm identified as being infected with malware that performs ad fraud by either making frequent connections to ad networks or websites — which is done to artificially boost visitor counts — or to generate pay-per-click revenue. Wandera cites a statement from Apple as confirming that the apps have been removed for having code that violates App Store guidelines by allowing for the artificial click-through of ads and that Apple has updated its detection tools.

Here are all of the apps in question:

RTO Vehicle Information

EMI Calculator & Loan Planner

File Manager – Documents

Smart GPS Speedometer

CrickOne – Live Cricket Scores

Daily Fitness – Yoga Poses

FM Radio – Internet Radio

My Train Info – IRCTC & PNR

Around Me Place Finder

Easy Contacts Backup Manager

Ramadan Times 2019

Restaurant Finder – Find Food

BMI Calculator – BMR Calc

Dual Accounts

Video Editor – Mute Video

Islamic World – Qibla

Smart Video Compressor

“The apps identified by Wandera communicate with the same (command and control) server using a strong encryption cipher that the researchers have not yet cracked,” Wandera’s report notes, adding this ominous detail: “Android apps communicating with the same server were gathering private information from the user’s device, such as the make and model of the device, the user’s country of residence and various configuration details.”

 

Compiled by Olalekan Adeleye

BGR

Rate this item
(0 votes)