Mobile security researchers have found a total of 17 apps on the iOS App Store that contain a malicious clicker trojan.
While most of the apps have since been removed from the App Store, there’s a chance that they still may be on your device. Here’s what you should know.
What Does the Trojan Do?
The malware in question is designed to carry out “ad fraud,” essentially opening web pages in the background without a user’s intent and simulating ad clicks to generate revenue for the attacker.
This particular strain of iOS malware was found to be bundled with 17 apps that somehow made it through Apple’s typically strict app review process, according to researchers at Wandera Threat Labs.
In addition to inflating website traffic and making money on a pay-per-click basis, clicker trojans like these can also be used to “drain the budget of a competitor by artificially inflating the balance owed to the ad network,” Wandera wrote.
The malicious ad fraud apps were distributed across various categories — including fitness, productivity, contacts, GPS, utilities and travel apps.
Who Made It?
Wandera found that the apps were all created and distributed by an Indian firm named AppAspect Technologies Pvt. Ltd., which has a total of 51 apps on the iOS App Store and 28 Android apps on the Google Play Store.
It isn’t clear, however, if AppAspect actually included the malicious code intentionally or if it was added later by a compromised third-party framework, Wandera notes.
The malicious iOS apps were also found to communicate with a command and control (C2) server that has been previously tied to similar ad fraud campaigns on Android.
AppAspect’s Android apps, on the other hand, weren’t found to exhibit any malicious behavior related to that C2 server. But the developer has had malicious apps infected and removed from the Google Play Store in the past.