Mobile security company Wandera issued a report Thursday afternoon identifying 17 apps in Apple’s App Store infected with clicker Trojan malware, all of which are tied to the same India-based developer.
By Friday morning, Apple confirmed they’d been booted from the App Store.
Apple told at least one news outlet that 18 apps were removed following the report, but Wandera appears to believe that double-counts one of the apps, with the firm noting in its findings that its “initial list of infected apps included two instances of cricket score app ‘CrickOne’ that were hosted on different regional App Stores and contain distinct metadata.” Upon review, Wandera found that those apps use the same codebase.
This comes one day after we noted that another security company had uncovered the existence of some 42 adware-filled Android apps that racked up millions of downloads before Google kicked them off the Google Play Store.
From Wandera’s report, these are the 17 iOS apps the firm identified as being infected with malware that performs ad fraud by either making frequent connections to ad networks or websites — which is done to artificially boost visitor counts — or to generate pay-per-click revenue. Wandera cites a statement from Apple as confirming that the apps have been removed for having code that violates App Store guidelines by allowing for the artificial click-through of ads and that Apple has updated its detection tools.
Here are all of the apps in question:
RTO Vehicle Information
EMI Calculator & Loan Planner
File Manager – Documents
Smart GPS Speedometer
CrickOne – Live Cricket Scores
Daily Fitness – Yoga Poses
FM Radio – Internet Radio
My Train Info – IRCTC & PNR
Around Me Place Finder
Easy Contacts Backup Manager
Ramadan Times 2019
Restaurant Finder – Find Food
BMI Calculator – BMR Calc
Dual Accounts
Video Editor – Mute Video
Islamic World – Qibla
Smart Video Compressor
“The apps identified by Wandera communicate with the same (command and control) server using a strong encryption cipher that the researchers have not yet cracked,” Wandera’s report notes, adding this ominous detail: “Android apps communicating with the same server were gathering private information from the user’s device, such as the make and model of the device, the user’s country of residence and various configuration details.”
Compiled by Olalekan Adeleye
BGR