info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Unhackable Apple: More malicious apps found in Mac App Store that are stealing user data
0 views
Skip to first unread message
Gates Foundation
Sep 8, 2018, 8:28:15 PM9/8/18
to
Security researchers have independently found apps
"exfiltrating" data to servers without the user's knowledge, all
of which were available to download from Apple's Mac App Store.
Each of the apps managed to get past Apple's submission process
for the store and were available to download alongside other
legitimate apps.
MalwareBytes reports that, in some cases, the data is dispatched
to servers in China, a country that doesn't require the same
stringent storage requirements as the United States or European
countries for personal data. In cases like these, it is highly
likely the data is being used for malicious purposes.
The biggest app of the list is Adware Doctor, which topped the
chart for paid utilities in the Mac App Store, before being
removed after the reports about it first emerged on Friday. The
app claims to remove adware threats from a Mac, including
extensions and cookies in browsers, but Patrick Wardle advises
the "cleaning" process involves collecting the browsing history
of the user, as well as a list of all running processes, and a
list of software downloaded to the Mac.
While Apple has processes in place to prevent apps from
accessing data it did not have permission to view, the app uses
a loophole to work around the restrictions.
The app is also a clone of Adware Medic, which surfaced in 2015
as a copy of an app of the same name, originally created by the
developer of MalwareBytes for Mac. At the time, the app was
removed after Apple was informed, but returned with a new name,
with MalwareBytes repeatedly fighting to take down clones of the
app from the same company that keep appearing in the store.
Shortly after news of the app's malware nature circulated around
other security researchers, the chinese server went offline,
preventing other data from being sent off, but not halting the
local collection of data for future dispatches. Wardle also
advised to Apple about the app in early August, but the app has
only just been removed from the Mac App Store, one month later.
A second app, Open Any Files, takes over a system's ability to
handle documents that are not associated with an existing app,
using the opportunity to advertise other apps that supposedly
could open files. Aside from the extra affiliate-based behavior,
the app was also found to have similar characteristics to Adware
Doctor, in acquiring the browsing and search history of Safari,
Chrome, and Firefox, as well as the App Store.
While the app was reported to Apple in December 2017, it is
still available to download from the Mac App Store.
Dr. Antivirus, discovered through Open Any Files, performs
similar data collection but with limitations, restricted by
macOS. The same data was collected and exfiltrated, but with the
addition of a file detailing metadata of every application
installed on the Mac.
The same developer created Dr. Cleaner, which again collected
data from the user's Mac and sent it to a specific address.
The discoveries of the malware calls into question the safety of
apps available from the Mac App Store, and Apple's ability to
make sure they are safe before making them available to purchase
or download. According to Malwarebytes, the company has reported
such instances of malware to Apple for "years," with barely any
immediate actions undertaken to remove the offending apps.
There is also the issue of developers found to be distributing
malware failing to be blocked from the Mac App Store, as the
creators are sometimes able to bring the exact same apps back to
the store in a short space of time.
MalwareBytes encourages users to "treat the App Store just like
you would any other download location: as potentially
dangerous." While free apps may seem harmless, "if you have to
give that app access to any of your data as part of its expected
functionality, you can't know how it will use that data."
"Worse, even if you don't give it access, it may find a loophole
and get access to sensitive data anyway," the firm adds.
Apple has a dedicated webpage for reporting problems, including
malware that slips into the Mac App Store, which users can use
to alert to such issues.
https://appleinsider.com/articles/18/09/07/more-malicious-apps-
found-in-mac-app-store-that-are-stealing-user-data
"exfiltrating" data to servers without the user's knowledge, all
of which were available to download from Apple's Mac App Store.
Each of the apps managed to get past Apple's submission process
for the store and were available to download alongside other
legitimate apps.
MalwareBytes reports that, in some cases, the data is dispatched
to servers in China, a country that doesn't require the same
stringent storage requirements as the United States or European
countries for personal data. In cases like these, it is highly
likely the data is being used for malicious purposes.
The biggest app of the list is Adware Doctor, which topped the
chart for paid utilities in the Mac App Store, before being
removed after the reports about it first emerged on Friday. The
app claims to remove adware threats from a Mac, including
extensions and cookies in browsers, but Patrick Wardle advises
the "cleaning" process involves collecting the browsing history
of the user, as well as a list of all running processes, and a
list of software downloaded to the Mac.
While Apple has processes in place to prevent apps from
accessing data it did not have permission to view, the app uses
a loophole to work around the restrictions.
The app is also a clone of Adware Medic, which surfaced in 2015
as a copy of an app of the same name, originally created by the
developer of MalwareBytes for Mac. At the time, the app was
removed after Apple was informed, but returned with a new name,
with MalwareBytes repeatedly fighting to take down clones of the
app from the same company that keep appearing in the store.
Shortly after news of the app's malware nature circulated around
other security researchers, the chinese server went offline,
preventing other data from being sent off, but not halting the
local collection of data for future dispatches. Wardle also
advised to Apple about the app in early August, but the app has
only just been removed from the Mac App Store, one month later.
A second app, Open Any Files, takes over a system's ability to
handle documents that are not associated with an existing app,
using the opportunity to advertise other apps that supposedly
could open files. Aside from the extra affiliate-based behavior,
the app was also found to have similar characteristics to Adware
Doctor, in acquiring the browsing and search history of Safari,
Chrome, and Firefox, as well as the App Store.
While the app was reported to Apple in December 2017, it is
still available to download from the Mac App Store.
Dr. Antivirus, discovered through Open Any Files, performs
similar data collection but with limitations, restricted by
macOS. The same data was collected and exfiltrated, but with the
addition of a file detailing metadata of every application
installed on the Mac.
The same developer created Dr. Cleaner, which again collected
data from the user's Mac and sent it to a specific address.
The discoveries of the malware calls into question the safety of
apps available from the Mac App Store, and Apple's ability to
make sure they are safe before making them available to purchase
or download. According to Malwarebytes, the company has reported
such instances of malware to Apple for "years," with barely any
immediate actions undertaken to remove the offending apps.
There is also the issue of developers found to be distributing
malware failing to be blocked from the Mac App Store, as the
creators are sometimes able to bring the exact same apps back to
the store in a short space of time.
MalwareBytes encourages users to "treat the App Store just like
you would any other download location: as potentially
dangerous." While free apps may seem harmless, "if you have to
give that app access to any of your data as part of its expected
functionality, you can't know how it will use that data."
"Worse, even if you don't give it access, it may find a loophole
and get access to sensitive data anyway," the firm adds.
Apple has a dedicated webpage for reporting problems, including
malware that slips into the Mac App Store, which users can use
to alert to such issues.
https://appleinsider.com/articles/18/09/07/more-malicious-apps-
found-in-mac-app-store-that-are-stealing-user-data
Joerg Lorenz
Sep 8, 2018, 10:23:46 PM9/8/18
to
Am 09.09.18 um 02:18 schrieb Gates Foundation:
<mail...@neodome.net>. Please send questions and concerns to
<ad...@neodome.net>. Report inappropriate use to <ab...@neodome.net>.
Comments: This message did not originate from the Sender address above.
It was remailed automatically by anonymizing remailer software.
Please report problems or inappropriate use to the
remailer administrator at <ab...@dizum.com>.
Subject: Unhackable Apple: More malicious apps found in Mac App Store
that are stealing user data
Message-ID: <75d11ee2ddb7b831...@dizum.com>
From: "Gates Foundation" <ga...@foundation.org>
Newsgroups:
alt.privacy.anon-server,comp.os.linux.advocacy,comp.sys.mac.system,alt.cellular-phone-tech,misc.phone.mobile.iphone
Injection-Info: neodome.net;
posting-account="mail2news";
Path:
eternal-september.org!reader02.eternal-september.org!feeder.eternal-september.org!news.uzoreto.com!news.neodome.net!mail2news
Date: Sun, 9 Sep 2018 02:18:48 +0200 (CEST)
*Crossposting anonymous idiot*!
--
De gustibus non est disputandum
> Security researchers have independently found apps
> "exfiltrating" data to servers without the user's knowledge, all
> of which were available to download from Apple's Mac App Store.
Comments: This message was transferred to Usenet via mail2news gateway at
> "exfiltrating" data to servers without the user's knowledge, all
> of which were available to download from Apple's Mac App Store.
<mail...@neodome.net>. Please send questions and concerns to
<ad...@neodome.net>. Report inappropriate use to <ab...@neodome.net>.
Comments: This message did not originate from the Sender address above.
It was remailed automatically by anonymizing remailer software.
Please report problems or inappropriate use to the
remailer administrator at <ab...@dizum.com>.
Subject: Unhackable Apple: More malicious apps found in Mac App Store
that are stealing user data
Message-ID: <75d11ee2ddb7b831...@dizum.com>
From: "Gates Foundation" <ga...@foundation.org>
Newsgroups:
alt.privacy.anon-server,comp.os.linux.advocacy,comp.sys.mac.system,alt.cellular-phone-tech,misc.phone.mobile.iphone
Injection-Info: neodome.net;
posting-account="mail2news";
Path:
eternal-september.org!reader02.eternal-september.org!feeder.eternal-september.org!news.uzoreto.com!news.neodome.net!mail2news
Date: Sun, 9 Sep 2018 02:18:48 +0200 (CEST)
*Crossposting anonymous idiot*!
--
De gustibus non est disputandum
Anonymous
Sep 8, 2018, 11:30:24 PM9/8/18
to
In article <pn207h$mrm$1...@dont-email.me>
Injection-Info: reader02.eternal-september.org; posting-
host="a6254a89c1cd897c8aeb6aa2f6098311";
logging-data="23414"; mail-complaints-to="abuse@eternal-
september.org"; posting-
account="U2FsdGVkX1+YfEwuDt6hLjxZ/3lNN6P/z0WDInrcdZo="
Joerg Lorenz <hugy...@gmx.ch> wrote:
>
> Am 09.09.18 um 02:18 schrieb Gates Foundation:
> > Security researchers have independently found apps
> > "exfiltrating" data to servers without the user's knowledge, all
> > of which were available to download from Apple's Mac App Store.
>
Whining cunt.
>
> Am 09.09.18 um 02:18 schrieb Gates Foundation:
> > Security researchers have independently found apps
> > "exfiltrating" data to servers without the user's knowledge, all
> > of which were available to download from Apple's Mac App Store.
>
Injection-Info: reader02.eternal-september.org; posting-
host="a6254a89c1cd897c8aeb6aa2f6098311";
logging-data="23414"; mail-complaints-to="abuse@eternal-
september.org"; posting-
account="U2FsdGVkX1+YfEwuDt6hLjxZ/3lNN6P/z0WDInrcdZo="
0 new messages