Apple iPhone users are being warned to check their devices against a list of malicious apps disclosed in a new report. The exposure of such dangers on Google’s Play Store has become a theme this year, with apps laced with adware, subscription fraud and worse exposed and removed. Now Apple is taking its turn in the spotlight. A new report from the research team at Wandera claims that 17 apps from one developer load a malicious clicker trojan module on an iOS device.
Apple says that the apps in question have been removed from the App Store and that, upon examination, they did not contain the trojan malware as claimed. Instead, the apps were removed for including code that enabled the artificial click-through of ads. A spokesperson for Apple confirmed the removal of the apps and that the App Store’s protective tools have been updated to detect similar apps in the future.
According to Wandera, the trojan focused on ad fraud, but also sent data from the infected device to an external command and control server. Wandera told me that an even more worrying element of the malware, one not included in the write-up, is a set of devious techniques to evade detection. The malware triggered only when loaded with an active SIM and left running for two days. We have seen this before on Android—an attempt to hide from security researchers in lab conditions.
“We were amazed with this one,” Wandera VP Michael Covington told me ahead of the report’s release. “We’ve seen a couple of issues creep into the Apple App Store over the last few months—and it always seems to be the network element.” In his view, Apple misses the runtime element of an app’s behaviour when scanned before approval. “They don’t have a deep threat research expertise,” he explained, “but to find malicious network traffic, you have to watch live apps and see how they perform.”