Mobile security researchers have found a total of 17 apps on the iOS App Store that contain a malicious clicker trojan.
While most of the apps have since been removed from the App Store, there’s a chance that they still may be on your device. Here’s what you should know.
What Does the Trojan Do?
The malware in question is designed to carry out “ad fraud,” essentially opening web pages in the background without a user’s intent and simulating ad clicks to generate revenue for the attacker.
This particular strain of iOS malware was found to be bundled with 17 apps that somehow made it through Apple’s typically strict app review process, according to researchers at Wandera Threat Labs.
In addition to inflating website traffic and making money on a pay-per-click basis, clicker trojans like these can also be used to “drain the budget of a competitor by artificially inflating the balance owed to the ad network,” Wandera wrote.
The malicious ad fraud apps were distributed across various categories — including fitness, productivity, contacts, GPS, utilities and travel apps.
Who Made It?
Wandera found that the apps were all created and distributed by an Indian firm named AppAspect Technologies Pvt. Ltd., which has a total of 51 apps on the iOS App Store and 28 Android apps on the Google Play Store.
It isn’t clear, however, if AppAspect actually included the malicious code intentionally or if it was added later by a compromised third-party framework, Wandera notes.
The malicious iOS apps were also found to communicate with a command and control (C2) server that has been previously tied to similar ad fraud campaigns on Android.
AppAspect’s Android apps, on the other hand, weren’t found to exhibit any malicious behavior related to that C2 server. But the developer has had malicious apps infected and removed from the Google Play Store in the past.
View the full list of 17 apps you should delete from your iPhone here.
17 Apps You Should Delete from Your iPhone Right Now
The first step toward securing your iPhone, iPad or iPod touch is to realize that iOS apps aren’t automatically safe from malware or malicious activity. Despite Apple’s strict app review process, some malicious code can sometimes slip through.
You should check to see if the apps you have on your device come from legitimate and well-reviewed developers. It’s also worth double-checking their iOS permissions to make sure that they aren’t asking for too much access.
As always, it’s also smart to keep your device’s software up-to-date to ensure that you have the latest security fixes and patches installed.
The full list of infected iOS apps can be found below — you should delete them immediately if you have them on your device.
- RTO Vehicle Information
- EMI Calculator & Loan Planner
- File Manager – Documents
- Smart GPS Speedometer
- CrickOne – Live Cricket Scores
- Daily Fitness – Yoga Poses
- FM Radio PRO – Internet Radio
- My Train Info – IRCTC & PNR?*
- Around Me Place Finder
- Easy Contacts Backup Manager
- Ramadan Times 2019 Pro
- Restaurant Finder – Find Food
- BMI Calculator PRO – BMR Calc
- Dual Accounts Pro
- Video Editor – Mute Video
- Islamic World PRO – Qibla
- Smart Video Compressor
It is worth noting that the infected apps have all been removed from the App Store, except for My Train Info – IRCTC & PNR.
Image Gallery of Infected Apps
