SecurityWeek

Malware & Threats

Click-Fraud Trojan Found in Apple App Store

A total of seventeen iOS applications infected with clicker Trojan malware made it into the Apple App Store, Wandera’s threat researchers have discovered.

The infected applications, Wandera says, communicated with a known command and control (C&C) server to simulate user interactions. Thus, they allowed operators to fraudulently collect ad revenue.

Like other similar malware, the clicker Trojan was designed to inflate website traffic and generate revenue on a pay-per-click basis.

The Trojan performs its ad fraud tasks in the background by continuously opening web pages and clicking on links, without requiring any form of user interaction.

The 17 infected applications were published in the App Store in various categories, including productivity, platform utilities and travel. However, all of them reached App Store storefronts in various countries from the same developer, India-based AppAspect Technologies Pvt. Ltd.

The developer has a total of 51 applications in the App Store, including 35 offered for free. Of these, 17 were found to be infected, Wandera reports.

These are RTO Vehicle Information, EMI Calculator & Loan Planner, File Manager – Documents, Smart GPS Speedometer, CrickOne – Live Cricket Scores, Daily Fitness – Yoga Poses, FM Radio PRO – Internet Radio, My Train Info – IRCTC & PNR (not listed under developer profile), Around Me Place Finder, Easy Contacts Backup Manager, Ramadan Times 2019 Pro, Restaurant Finder – Find Food, BMI Calculator PRO – BMR Calc, Dual Accounts Pro, Video Editor – Mute Video, Islamic World PRO – Qibla, and Smart Video Compressor.

All of the infected apps would communicate with the same C&C, which was previously exposed in a Dr. Web report on a clicker Trojan targeting Android.

The identified iOS applications use strong encryption to communicate with the C&C server. As per Dr. Web’s report, the Android apps that were communicating with the same server were gathering users’ private information, including device make and model, country of residence, and configuration details.

AppAspect Technologies has 28 applications published in Google Play at the moment, but none of them was found to be communicating with the aforementioned C&C server.

However, the developer previously had some infected Android applications published to Google Play, which were removed from the store. The developer has since republished them without the malicious code inside.

“It’s unclear whether the bad code was added intentionally or unintentionally by the developer,” Wandera says.

Although one of the less frequently seen threats in the wild, mobile malware is being increasingly used in targeted attack scenarios, and the newly discovered applications prove that attackers are focusing more on introducing malware into official app sources, Wandera notes.

“As always, we recommend that mobile-enabled businesses undergo some form of app security vetting to ensure apps, especially free apps, are trustworthy,” Wandera concludes.

Written By

Ionut Arghire is an international correspondent for SecurityWeek.
