By Ryan Daws
04 November 2019, 16:04 p.m.
comment - Categories
Apple has removed 18 iOS apps after determining they were being used to earn money for cyber criminals by
conducting ad fraud.
The apps were found to be secretly clicking adverts to earn the attacker cash. While such conduct is not intrusive and
may not even be noticeable by the user, it can slow down the device, use more data, and/or drain the battery faster.
Security researchers at Wandera discovered 17 of the infected apps which spanned a wide range of categories including
productivity, utilities, and navigation. Apple spotted a further app using the same technique.
Wandera first noticed dodgy activity originating from a speedometer app on a client’s smartphone. When they investigated
it further, it was contacting a command and control server that had been previously identified as being involved with issuing
ad fraud orders on Android.
On Android, this kind of thing is generally a little more commonplace. There’s less risk for Android users that stick
own Play Store, in countries where it’s available, but those who venture outside into third-party stores can often find their
devices riddled with adware.
The researchers decided to install other apps by India-based developer AppAspect Technologies. After keeping the devices
connected to WiFi, the researchers found no foul play. Wandera then added a SIM card and a few days later they noticed the
apps reaching out to the same command and control server as the original speedometer app.
By only reaching out to the command and control server when connected with a SIM card installed, it’s clearly designed as an
added check to help ensure the device belongs to a standard person rather than a security researcher. Credit where due, it’s
clever – but not enough to fool Wandera.
Here are the 17 infected apps:
RTO Vehicle Information
EMI Calculator & Loan Planner
File Manager – Documents
Smart GPS Speedometer
CrickOne – Live Cricket Scores
Daily Fitness – Yoga Poses
FM Radio – Internet Radio
My Train Info – IRCTC & PNR
Around Me Place Finder
Easy Contacts Backup Manager
Ramadan Times 2019
Restaurant Finder – Find Food
BMI Calculator – BMR Calc
Video Editor – Mute Video
Islamic World – Qibla
Smart Video Compressor
The developer has 28 apps published on Google Play which Wandera tested and did not find any communication with the
malicious command and control server. However, Wandera did find they were once infected and have since been republished
without the offending code.
AppAspect Technologies claims it’s innocent and only knew about the issue after Apple removed its apps.