Researchers at Wandera Threat Labs found 17 apps in the Apple App Store that have been infected with clicker Trojan malware. These apps were found to perform advertising fraud-related tasks in the background that use the Command and Control (C2) servers of a similar Android fraud campaign. All of these malicious apps are created by the India-based AppAspect Technologies Pvt. Ltd., a developer that published a total of 51 apps in the Apple App Store and 28 Android apps in the Google Play Store. The malware bundled in the 17 iOS apps are designed to communicate with a previously known C2 server and stimulates ad clicks that open web pages in the background without the need for user interaction, thus carrying out ad fraud campaigns on all infected iOS devices. The objective of most clicker trojans is to generate revenue for the attacker on a pay-per-click basis by artificially inflating website traffic, which can also be used to drain the budget of a competitor by artificially increasing the balance owed by the competitor to the ad network. At this point, the researchers say that it is unclear if the malicious code was added intentionally by the app developers or unintentionally after including a compromised third-party framework. The malicious iOS apps are distributed through a wide array of apps in categories that include productivity, platform utilities, travel, contacts directory, speedometer, and a BMI calculator. All of these apps, with the exception of My Train Info, have been removed from the App Store by Apple.
The researchers shared a full list of the apps:
- RTO Vehicle Information
• EMI Calculator & Loan Planner
• File Manager – Documents
• Smart GPS Speedometer
• CrickOne – Live Cricket Scores
• Daily Fitness – Yoga Poses
• FM Radio PRO – Internet Radio
• My Train Info – IRCTC & PNR (not listed under developer profile)
• Around Me Place Finder
• Easy Contacts Backup Manager
• Ramadan Times 2019 Pro
• Restaurant Finder – Find Food
• BMI Calculator PRO – BMR Calc
• Dual Accounts Pro
• Video Editor – Mute Video
• Islamic World PRO – Qibla
• Smart Video Compressor
“This discovery is the latest in a series of bad apps being surfaced on an official mobile app store and another proof point that malware does impact the iOS ecosystem,” Wandera’s researchers concluded. “Mobile malware is still one of the less frequently seen threats in the wild, but we are seeing it used more in targeted attack scenarios.”
Analyst Notes
Prior to downloading any app to a device, it is wise to check if the app is from a legitimate developer with good reviews and that the app does not request more permissions than it needs to function properly. It is advised to install a mobile security solution that blocks malicious apps from communicating with their C2 servers so that customer data is not harvested or stolen. Using security software to protect devices can also help drastically limit a malware’s functionality and eliminate at least some of its destructive potential. Android users should use caution when reviewing any email or SMS text message that urges them to install an app. The safest practice is to only install apps from well-known and trustworthy sources, such as the Google Play Store–Amazon’s app store. However, as this research shows, even trustworthy stores occasionally offer malicious apps for a time until the apps are reported and removed.
