Apple Inc., the tech giant, has removed a total of 17 applications from its official store because they were committing ad fraud. These malicious applications had been programmed to carry out background activity on iPhones in order to collect ad-generated profits.
Applications conducting malicious activities
Security researchers from Wandera uncovered a set of applications that were performing malicious activities on infected users' iPhones. These apps had been placed in Apple's official marketplace because their developers had succeeded in bypassing the built-in protection measures. They were able to do this by relying on post-infection communication with a Command & Control server, which helped commit the ad fraud.
The trojanized applications had been planted in Apple's official store by AppAspect Technologies Pvt. Ltd., an Indian developer. It had released a total of 51 applications for Apple products and 28 for Android-based devices. The infected apps came from a wide range of categories such as travel, religion, productivity, fitness, and others. After the discovery was made, the 17 malicious apps were removed from the App Store. Apple Inc. stated that its security measures have been improved so that it can detect similar kinds of application behavior in the future.
Infected apps were Trojans
The security research team from Wandera categorized the malicious applications as Trojans. It reached this conclusion because of the clicker Trojan module in the apps. The primary objective of most clicker Trojans is to generate revenue for the attacker on a “pay-per-click” basis by inflating website traffic.
Use of Command & Control Server
This incident is not the first time this malicious Command & Control server has been used. The same developer had developed all the infected apps, but some of them were directed towards different nations. This is evident from the fact that some applications were specifically aimed at religious groups, such as Islamic World – Qibla or Ramadan Times 2019. There were other applications as well that were directed towards other groups, such as:
- Smart Video Compressor.
- Smart GPS Speedometer.
- FM Radio – Internet Radio.
- EMI Calculator & Loan Planner, etc.
Even though the wide range of apps seemed to be aimed at a diverse group of individuals, they were all communicating with one Command & Control server. Dr. Web had previously analyzed it, and it was used in various other malicious campaigns that had affected more than 101.7 million Android users.
According to Dr. Web, a remote server was used to initiate targeted advertisements on the affected devices and to load websites in the background. In a few cases, the malware was also able to subscribe its victims to fake services that could trigger credit card payments every month.
Bypassing Apple’s security measures
When the research team dug deeper into the matter, it found that the Indian app maker had previously placed malicious applications in the Play Store, where they had been taken down.
It is unclear whether the developer intentionally placed the malicious code in the applications. Researchers stated that this incident shows that iOS is regularly being targeted by malicious apps, and that its anti-malware protections seem to be ineffective.