Apple has removed 17 apps from the App Store for being infected with Trojan malware that fakes user input in order to fraudulently collect ad revenue.
Security research company Wandera posted their report earlier today, providing this example based on their investigation:
Command & Control enables bad apps to bypass security checks because it activates a communication channel directly with the attacker that is not within Apple’s view. C&C channels can be used to distribute ads (like the ones used by the iOS Clicker Trojan), commands, and even payloads (such as a corrupt image file, a document or more). Simply put, C&C infrastructure is a ‘backdoor’ into the app which can lead to exploitation if and when a vulnerability is discovered or when the attacker chooses to activate additional code that may be hidden in the original app.
There are plenty of examples of new vulnerabilities being discovered that result in private user data being lost and the sandbox being broken. Apple has even been known to inadvertently reintroduce previously published vulnerabilities into their product.
Wandera added that the method used by the developers has still not been patched, noting:
The apps identified by Wandera communicate with the same C&C server using a strong encryption cipher that the researchers have not yet cracked. According to Dr. Web’s report, Android apps communicating with the same server were gathering private information from the user’s device, such as the make and model of the device, the user’s country of residence and various configuration details.
In a statement to ZDNet, Apple confirmed the apps were removed and added that no major or widespread malware is currently present within the App Store.
The 17 Apps Removed:
The developer of the apps is AppAspect Technologies, an India-based startup with a range of apps on the App Store. The developers have confirmed that they will patch the issue and resubmit the apps to Apple for review before they are published back on the App Store.
You can read the report by Wandera’s threat research team here.