Apple Store Pulls Malicious Apps

By: Team WTI | Date: October 25, 2019

Categories: Security,

Tags: Apple App Store, Clicker Trojan, Malware, Wandera,

The Apple App Store recently pulled 17 apps that were  infected with clicker trojan malware. The apps themselves don’t have anything that would alert the detection services in the Apple App Store. Instead, the apps communicate with a known command and control server, or C&C server. The server tells the app to simulate user interactions to collect ad revenue fraudulently. The cybersecurity company, Wandera, discovered the apps and reported them to the Apple App Store.

How Clicker Trojans Work

In the case of the clicker trojan module that Wandera discovered, the apps were designed to execute ad fraud-related tasks in the background. These actions could occur without the user even knowing. Some of the actions included repeatedly opening web pages or clicking PPC ads continuously.

These actions would generate revenue for the attacker by inflating web traffic on a pay-per-click basis. The apps could also be used to deplete the budget of a competitor by inflating the balance owed to the ad network.

Wandera classified these trojans as malware similar to Malwarebytes and F-Secure.

What Apps Were Infected

Now that we have brought you up to speed on the background and motive of the bad apps, you may be wondering what applications were included in the scam. The list below covers the 17 malicious apps:

• Around Me Place Finder
• BMI Calculator – BMR Calc
• CrickOne – Live Cricket Scores
• Daily Fitness – Yoga Poses
• Dual Accounts
• EMI Calculator & Loan Planner
• Easy Contacts Backup Manager
• FM Radio – Internet Radio
• File Manager – Documents
• Islamic World – Qibla
• My Train Info – IRCTC & PNR
• RTO Vehicle Information
• Ramadan Times 2019
• Restaurant Finder – Find Food
• Smart GPS Speedometer
• Smart Video Compressor
• Video Editor – Mute Video

The 17 malicious apps were found in app stores in a variety of countries. All of them came from the same developer, AppAspect Technologies Pvt, Ltd.

Below is an image of the apps so you can better detect them on your phone or other mobile devices if you do have them:

According to Wandera, AppAspect Technologies Pvt, Ltd has over 50 apps in the Apple App Store, with 35 being free to download. The tests performed by Wandera on the 35 free apps showed that 17 of them were infected with the clicker trojan virus and were communicating with the same C&C server. This server was discovered by Dr. Web and was part of a similar clicker trojan infestation on Android products.

Although you don’t actively see these apps doing anything malicious, they can slow down your mobile device and/or increase your mobile data costs. It is important to remove these apps from your devices as soon as possible if they aren’t already gone.