iBye, bad guy: Apple yanks 18 iOS store apps that sheltered advert-mashing malware

Dev may not have known code was being used for scam traffic

The iOS App Store is 18 applications lighter today after the software was caught harboring malware that secretly clicked on ads, signed up punters for premium services, or deliberately overloaded websites.

Apple on Thursday pulled the apps, all written by India-based AppAspect, after confirming they were being used for click-fraud, generating cash for miscreants. While these types of programs are not uncommon, and can occasionally slip past the Android and iOS app store filters, there's a bit more to this story than your run-of-the-mill scamming operation.

The apps themselves are mostly productivity and news programs, many localized for users and services in India – think train timetables and such stuff. They are full and usable apps in their own right, so there is reason to believe the developer may not have known about the malicious activity lurking in its code.

According to the team at Wandera, which uncovered the malicious software and reported the apps to Apple, the programs connected to a command-and-control server to receive orders to carry out. Wandera counted only 17 apps to Apple's 18, as one application appeared in two regions, and so was double counted by the iGiant, though it is essentially the same code.

The control server would send the apps commands to do things like load advertisements, open website windows in the background, or even change a device's settings to subscribe it to expensive subscription services.

The existence of this machine has been known for some time: it was associated with a previous takedown of apps from the same developer on Android.

"Additional research found that AppAspect’s Android apps had once been infected in the past and removed from the store. They have since been republished and don’t appear to have the malicious functionality embedded," Wandera said.

"It’s unclear whether the bad code was added intentionally or unintentionally by the developer."

It's possible, then, that the code to connect to the click-fraud server, both on Android and later iOS, was slipped in by a rogue developer or another scumbag without AppAspect's knowledge.

We've contacted AppAspect for its side of the story, and will update should we hear back. ®

Biting the hand that feeds IT © 1998–2022