A group of ethical hacking experts has discovered a malware variant present in at least 17 apps for Apple, all available in the App Store. The company has started to remove malicious apps from the official store, although it is reported that a considerable number of users would have downloaded at least one of these apps.
After downloading and installing, the apps infect the target system with a Trojan developed to perform fraud and some other malicious activities related to background advertising. “Out of the user’s view, web pages are opened and multiple links are clicked without user interaction,” the report mentions.
Ethical hacking experts claim that these kinds of malwares, known as ‘clicker Trojan’, were designed to generate advertising revenue, inflating traffic from some websites. They also mention that this kind of malware can be used to remove some legitimate advertisements, causing them to reach a limit that leaves them offline.
Subsequently, a company spokesperson mentioned that the apps were removed from the App Store because they have a code that allows you to perform “artificial clicks”, a practice that goes against Apple’s policies. “At Apple, we conduct rigorous audits to detect apps that take advantage of our users to perform any kind of fraud,” the spokesperson added.
Because Apple does not provide information about the number of downloads in the App Store, it is not possible to know the exact number of potentially affected users. However, if you use downloads in the Google Play Store as a reference, you can make a calculation to some extent correct. “The number of downloads of the Android counterparts of these apps exceeds one million users, so affected iOS users could range from 800 thousand to one million”,” the specialists say. According to ethical hacking specialists from the International Institute of Cyber Security (IICS), the 17 malware-infested apps were placed in the App Store by the same developer, identified as AppAspect Technologies Pvt, based in India. This company has almost 30 apps in the Google Play Store, although apparently they don’t connect to the malicious server related to the iOS app.