More malicious apps found in the Mac App Store that steal user data




A number of Mac App Store applications steal data from their users, acquiring sensitive information and sending it to the developer. They include an application that was the top paid utility in the store before it was removed.

An image of Dr. Adware's marketing


Security researchers found applications "exfiltrating" data to servers without users' knowledge, all of which were available for download on Apple's Mac App Store. Each of the apps made it through Apple's submission process for the store and was available for download alongside legitimate apps.

Malwarebytes reports that in some cases the data is sent to servers in China, a country that does not impose the same strict storage requirements for personal data as the US or European countries. In such cases, it is highly likely that the data will be used for malicious purposes.

The largest application on the list is Adware Doctor, which ranked at the top of the paid utilities on the Mac App Store and was removed after the reports on it were released on Friday. The application claims to remove adware threats from a Mac, including extensions and cookies in browsers, but Patrick Wardle advises that it also "recovers" the user's browsing history, as well as a list of all running processes and downloaded software on the Mac.

Although Apple has implemented processes to prevent applications from accessing data they are not allowed to view, the application uses a flaw to circumvent the restrictions.

The application is also a clone of Adware Medic. It appeared in 2015 as a copy of an application of the same name, originally created by the developer of Malwarebytes for Mac. At that time, the application was removed after Apple was informed, but it came back under a new name, and Malwarebytes has repeatedly fought to take down the clones of the same company's application that continue to appear in the store.

Shortly after information about the application's malicious nature circulated among other security researchers, the Chinese server was disconnected, which prevents any further data from being sent but does not interrupt the local collection of future data. Wardle also advised Apple about the application in early August, but the application was only removed from the Mac App Store a month later.

A second application, Open Any Files, steps in when the system handles documents that are not associated with an existing application, using the opportunity to promote other applications that are supposed to open the files. Besides this affiliate-based behavior, the app has also been shown to have similar features to Adware Doctor, acquiring the browsing and search history of Safari, Chrome and Firefox, as well as the App Store.

Although the application was reported to Apple in December 2017, it is still available for download on the Mac App Store.

Dr. Antivirus, discovered through Open Any Files, performs similar data collection, but within the limits imposed by macOS. The same data was collected and exfiltrated, with the addition of a file detailing the metadata of each application installed on the Mac.

The same developer created Dr. Cleaner, which again collected data from the user's Mac and sent it to a specific address.

The malware discoveries call into question the security of applications available on the Mac App Store and Apple's ability to ensure their security before making them available for purchase or download. According to Malwarebytes, the company has reported these cases of malware to Apple for years, with hardly any immediate action to remove the offending applications.

There is also the problem that developers distributing malware are not blocked from the Mac App Store, because creators can sometimes bring the same applications back to the store within a short period of time.

Malwarebytes encourages users to "treat the App Store as any other download location: potentially dangerous". Although free apps may seem harmless, "if you have to give this app access to any of your data as part of its expected functionality, you may not know how it will use that data."

"Worse, even if you do not give it access, it can create a loophole and have access to sensitive data anyway," adds the firm.

Apple has a dedicated web page that users can use to report issues, including malware that creeps into the Mac App Store.
