Apple, this week, confirmed that it has removed 17 malware iPhone apps from the App Store after being found that it secretly generating income for the malware creator or cybercriminals. The malicious apps, which came from just a single app developer, covered a wide range of categories, including productivity, platform utilities, travel, and more.
The malicious apps were discovered by security researchers from mobile security firm Wandera, which claimed that the malicious apps used strong encryption to hide from detection. The security researchers added that the malicious app has managed to bypass Apple’s review process because the malicious code was not found within the app itself and the app just received instruction on what to do from a remote server.
Malware creator uses the app to generate some “easy money”
All 17 malicious apps were found conducting some sort of ad-fraud activity, by clicking links and continuously opening windows in the background without the user’s permission in order to generate some income for the malware creator. The malicious apps were found to be communicating with the same remote command and control (C&C) server. This remote command and control server delivers the payload that provides the ad-fraud activity or malicious code. The security researchers suggest that malicious code has allowed malicious apps to bypass the Apple App Store’s strict security measures.
While ad-fraud activity like the adware isn’t as intrusive as other forms of malware, it can also cause serious issues for the infected device. It can cause slow down the machine’s processing capability, even drain the device’s battery life.
Here’s how to keep our device secure and safe from the malicious apps
Right now, it still not known how many times the malicious apps have been downloaded from the App Store because Apple doesn’t provide precise data about the numbers of downloads requested from its official app marketplace. While the latest malware doesn’t affect the entire iOS ecosystem as it impacts Google Android-powered devices, security researchers warn that this latest malware discovery only shows that even iOS devices can fall victim to malicious applications and users should be careful when they download and install applications from either Google Play Store or Apple App Store.
Finally, the security researchers made some important advice about this latest security issue. The researchers recommend taking extra time to research an app before downloading it from the App Store. Users will need to look first into the developer profile, check their app thoroughly, explore their website, support page and everything about the developer. Also, look for app reviews posted online and be mindful that developers can pay money for fake reviews and comments.
These are the first things to do before downloading certain mobile applications from the Google Play Store or App Store. If the profile or website doesn’t look like a professional operation or legitimate company, do not proceed or download any apps from that developer.