A top app in Apple's Mac App Store has stolen your browser history – TechCrunch




A popular, top-ranked app in Apple's Mac App Store has been found stealing the browser history of anyone who downloads it.

Yet, at the time of writing, the malicious app, Adware Doctor, is the top paid app in the store's utilities category. Apple was warned weeks ago and did nothing to take the app offline.

Now, it seems that Apple has removed the application. A spokesperson did not respond to requests for comment.

Apple's walled garden approach to Mac and iPhone security relies almost entirely on the inability to install applications from outside the app store, which Apple monitors closely. While it is not uncommon to hear of dangerous apps slipping into the Google Play Store, it's almost impossible for Apple to face the same fate. Any application that does not meet the company's rigorous, and sometimes moral, security criteria will be rejected, and users will not be able to install it.

The app promises to "keep your Mac safe" and "get rid of unwanted ads," and even to "discover and remove threats on your Mac." But it will also steal your browser history, including any sites you have searched for or accessed, and send it to servers in China run by the app's makers.

Thanks in part to a video posted last month on YouTube, and with help from security company Malwarebytes, it is now clear what the app is doing.

Security researcher Patrick Wardle, a former NSA hacker and now director of research at cybersecurity startup Digita Security, investigated the app and shared his findings with TechCrunch.

Wardle discovered that the downloaded app was jumping through hoops to bypass Apple's Mac sandboxing features, which prevent apps from accessing data on the hard drive, and was taking browser history from the Chrome, Firefox and Safari browsers.

Wardle found that the application, thanks to Apple's flawed vetting, could request access to the user's home directory and files. According to Wardle, this is not unusual, because tools that market themselves as anti-malware or anti-adware expect access to the user's files in order to detect problems. When a user authorizes this access, the application can detect and clean adware, but if it turns out to be malicious, it can "collect and exfiltrate any user file," said Wardle.

Once the data is collected, it is compressed into an archive file and sent to a China-based domain.

Wardle said that, for some reason, the China-based domain went offline over the past few days. At the time of writing, TechCrunch confirmed that the domain would not resolve; in other words, it was still down.

"Let's face it, your browsing history gives you a glimpse of just about every aspect of your life," said Wardle's post. "And people have even been convicted on the basis of their Internet searches!"

He stated that the application's access to this data "is clearly based on misleading the user".

Apple was contacted weeks ago. The e-mail with which he replied, in a few words, said: "We cannot tell you anything," but we sent the comments.

A meager $4.99 for the app may not seem like much to the average user, but it's a heavy price to pay for an app that steals your browser history, something users will never be able to get back. And as Apple takes a 30% cut of each purchase of this popular app, there is not much financial incentive to remove the app from the store.

Updated at 9:05 PT with confirmation that the application has been removed.
