Apple has removed 18 iOS apps after determining they were being used to earn money for cybercriminals by conducting ad fraud.
The apps were found to be secretly clicking adverts to earn the attacker cash. While such conduct is not intrusive and may not even be noticeable by the user, it can slow down the device, use more data, and/or drain the battery faster.
Security researchers at Wandera discovered 17 of the infected apps which spanned a wide range of categories including productivity, utilities, and navigation. Apple spotted a further app using the same technique.
Wandera first noticed dodgy activity originating from a speedometer app on a client’s smartphone. When they investigated it further, it was contacting a command and control server that had been previously identified as being involved with issuing ad fraud orders on Android.
On Android, this kind of thing is generally a little more commonplace. There’s less risk for Android users that stick to Google’s own Play Store, in countries where it’s available, but those who venture outside into third-party stores can often find their devices riddled with adware.
The researchers decided to install other apps by India-based developer AppAspect Technologies. After keeping the devices connected to WiFi, the researchers found no foul play. Wandera then added a SIM card and a few days later they noticed the apps reaching out to the same command and control server as the original speedometer app.
By only reaching out to the command and control server when connected with a SIM card installed, it’s clearly designed as an added check to help ensure the device belongs to a standard person rather than a security researcher. Credit where due, it’s clever – but not enough to fool Wandera.
Here are the 17 infected apps:
The developer has 28 apps published on Google Play which Wandera tested and did not find any communication with the malicious command and control server. However, Wandera did find they were once infected and have since been republished without the offending code.
AppAspect Technologies claims it’s innocent and only knew about the issue after Apple removed its apps.
Interested in hearing industry leaders discuss subjects like this and sharing their use-cases? Attend the co-located 5G Expo, IoT Tech Expo, Blockchain Expo, AI & Big Data Expo, and Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London, and Amsterdam.