These 17 iPhone apps have been removed from the Apple App Store for delivering malware

Researchers uncover malicious iPhone applications in Apple's official marketplace after apps bypassed security measures by hiding code behind a C&C server.
Written by Danny Palmer, Senior Writer

Seventeen malicious iPhone apps have been removed from the Apple App Store after being found to click on adverts secretly, generating income for cyber criminals.

The applications -- all from the same developer -- were found conducting ad-fraud, by clicking links and continuously opening windows in the background without the user's knowledge in order to generate revenue for the attacker. While adware isn't as intrusive as other forms of malware, it can cause issues for the device, such as slowing it down or draining the battery.

Uncovered by researchers at security company Wandera, the 17 applications cover a range of categories including productivity, platform utilities, and travel. All 17 were found to be communicating with the same command-and-control server, which uses strong encryption in an effort to hinder investigation of the malicious activity.


This C&C server delivers the payloads that carry out the ad-fraud activity, and researchers suggest that keeping the malicious code in an external source like this is what enabled the apps to bypass the App Store's security measures.

"We believe these apps bypassed the Apple vetting process because the developer didn't put any 'bad' code directly into the app. Instead, the app was configured to obtain commands and additional payloads directly from the C&C server, which is outside of Apple's review purview," said Michael Covington, VP of product strategy at Wandera.

While all 17 of the malicious apps are produced by the same developer, it's uncertain whether their malicious behaviour is intentional or not, as it's possible the developer could have been compromised by a third-party source in the supply chain. In total, the developer concerned has published 51 apps to the App Store.

In an email to ZDNet, Apple confirmed that the offending applications have been removed from the App Store and that security tools have been updated to detect similar apps being uploaded in future.

It's not known how many times the applications have been downloaded because Apple doesn't provide download numbers for its App Store.

While malware doesn't affect the iOS ecosystem as much as it impacts Google Android smartphones, researchers warn that this discovery demonstrates that even Apple mobile devices can fall victim to malicious software, and that users should be mindful of what they download and install.

"We recommend taking some extra time to research an app before downloading it. Start with looking at the app reviews and be mindful that many developers pay for fake reviews, so read through them and look for bad experiences that are consistently referenced or 'liked' by other users," said Covington.

"Then look into the developer profile, check out their other apps, look at their website, privacy policy, and support pages. These are all clues. If it doesn't look like a professional operation, it's probably not," he added.

