Security firm spots 17 malware apps that have now been removed from the App Store

News
By published
iPad app Store
iPad app Store (Image credit: iMore)

What you need to know

  • 17 apps have been removed from the App Store.
  • The iPhone apps were found to contain malware.
  • The apps covered a wide range of categories.

Apple has confirmed that it has removed as many as 17 apps from the App Store after it was found that they contained malware. Those apps all went through the App Store review process with no issues identified at the time.

Instead, the apps were found by mobile security firm Wandera (via ZDNet). All of the apps functioned as they said they would but also had malware running in the background.

The clicker trojan module discovered in this group of applications is designed to carry out ad fraud-related tasks in the background, such as continuously opening web pages or clicking links without any user interaction.The objective of most clicker trojans is to generate revenue for the attacker on a pay-per-click basis by inflating website traffic. They can also be used to drain the budget of a competitor by artificially inflating the balance owed to the ad network.

Even though no data or financial theft took place, users would have been impacted by the trojan. People with these apps installed might have noticed their iPhone battery draining more quickly than usual. Or it might simply have performed more slowly than expected.

Worryingly, Wandera says that the apps didn't contain the maliscious code but rather received it via a request to a web server. That means there was no way for Apple's App Store review process to spot the malware until the apps were already available. That, in theory, means this could happen again.

The apps communicate with a known command and control (C&C) server to simulate user interactions in order to fraudulently collect ad revenue...Command & Control enables bad apps to bypass security checks because it activates a communication channel directly with the attacker that is not within Apple's view. C&C channels can be used to distribute ads (like the ones used by the iOS Clicker Trojan), commands, and even payloads (such as a corrupt image file, a document or more). Simply put, C&C infrastructure is a 'backdoor' into the app which can lead to exploitation if and when a vulnerability is discovered or when the attacker chooses to activate additional code that may be hidden in the original app.

All of the affected apps were from AppAspect Technologies. Those apps were:

  • RTO Vehicle Information
  • EMI Calculator & Loan Planner
  • File Manager – Documents
  • Smart GPS Speedometer
  • CrickOne – Live Cricket Scores
  • Daily Fitness – Yoga Poses
  • FM Radio – Internet Radio
  • My Train Info – IRCTC & PNR (not listed under developer profile)
  • Around Me Place Finder
  • Easy Contacts Backup Manager
  • Ramadan Times 2019
  • Restaurant Finder – Find Food
  • BMI Calculator – BMR Calc
  • Dual Accounts
  • Video Editor – Mute Video
  • Islamic World – Qibla
  • Smart Video Compressor

If you have any of those installed we'd suggest removing them ASAP.

Oliver Haslam
Oliver Haslam
Contributor

Oliver Haslam has written about Apple and the wider technology business for more than a decade with bylines on How-To Geek, PC Mag, iDownloadBlog, and many more. He has also been published in print for Macworld, including cover stories. At iMore, Oliver is involved in daily news coverage and, not being short of opinions, has been known to 'explain' those thoughts in more detail, too. Having grown up using PCs and spending far too much money on graphics card and flashy RAM, Oliver switched to the Mac with a G5 iMac and hasn't looked back. Since then he's seen the growth of the smartphone world, backed by iPhone, and new product categories come and go. Current expertise includes iOS, macOS, streaming services, and pretty much anything that has a battery or plugs into a wall. Oliver also covers mobile gaming for iMore, with Apple Arcade a particular focus. He's been gaming since the Atari 2600 days and still struggles to comprehend the fact he can play console quality titles on his pocket computer.

Latest in Security
iPhone 15 Plus review
Recent Apple iPhone spyware alerts could have been triggered by China-linked attacks, researchers say
Google One VPN on iPhone
Google is about to give iPhone owners a privacy and security headache as it prepares to shut down another key service
iCloud Keychain on iPad
I can finally use iCloud Keychain and ditch 1Password thanks to this key new feature
At home with 15-inch MacBook Air, on a mosaic balcony table and on a wooden floor.
Old-school Mac malware is hiding in plain sight in this productivity app
M2 Macbook Pro 13 Inch Hero
Researcher claims a key Mac security feature can be bypassed and Apple won't fix it
macOS Ventura Passkeys
The apple.com website adds passkey support, but there's a catch
Latest in News
iMore Logo
One more thing… Goodbye from iMore
Jony Ive
Jony Ive’s OpenAI hardware device could be his next world-changing design
NEBULA Cosmos 4K SE with Apple TV
This new 4K projector is tempting me to replace my LG C2 TV, just so I can watch Slow Horses on a 200-inch display
VisionOS 2 app reorganization
visionOS 2 is the first major software update for Apple Vision Pro, and now it's available
macOS Sequoia
macOS Sequoia (version 15) is now available for your Mac with some big upgrades
watchOS 11
watchOS 11 is now rolling out to all Apple Watch users with the Series 6 or newer
More about security
iPhone 15 Plus review

Recent Apple iPhone spyware alerts could have been triggered by China-linked attacks, researchers say
Google One VPN on iPhone

Google is about to give iPhone owners a privacy and security headache as it prepares to shut down another key service
iMore Logo

One more thing… Goodbye from iMore
See more latest