Want to share with your friends too?

Science
07 Jan 2019

Over dozen iPhone apps caught communicating with malware-linked server

iPhone apps found communicating with malware-linked server

Historically, the problem of malicious or fake apps is more pronounced on Android than iOS.

Every now and then, we hear about a malicious app sneaking into the Google Play Store and then being removed.

But, this time around, it is iOS, where over a dozen apps have been caught communicating with a known malware-linked server, TechCrunch reported.

Here's more on the matter.

In context

iPhone apps found communicating with malware-linked server
14 retro games tied to malware-linked server

Issue

14 retro games tied to malware-linked server

Researchers at security-firm Wandera have spotted 14 different iOS apps communicating with a malware-associated server.

The apps, most of which were retro-style games, connected to a command and control server that had earlier contributed to the spread of Golduck malware on several Android phones.

More than a year ago, it had compromised millions of users, giving hackers the capabilities to control their devices, remotely.

Server

Games not infected, but server poses risk

The games were discovered when Wandera's team, which had kept an eye on the malware-associated server, witnessed a connection with iOS devices.

However, it is worth noting that the apps in question were not found to be infected with the malware.

The only problem is their C&C server, which could compromise iPhones, just like it did on Android using classic and retro games.

Love Tech news?

Stay updated with the latest happenings.

Notify Me

How this server could be used to compromise iPhones?

Possible attack

How this server could be used to compromise iPhones?

All the apps in question display ads by taking commands from the server and send some device-related data (IP address, type, and sometimes location data) back to it.

This communication is benign, but the researchers involved in the discovery claimed the same method of displaying ads could be used to install a malicious package on iOS devices and compromise user security.

Comment from researchers on possible attack

"A hacker could easily use the secondary advertisement space to display a link that redirects the user and dupes them into installing a provisioning profile or a new certificate that ultimately allows for a more malicious app to be installed," Wandera researchers told TechCrunch.

Risk

Worryingly, these apps have been downloaded nearly a million times

The risk gets even bigger when you see all 14 apps have been downloaded nearly a million times.

The figure, which comes from Sensor Tower, excludes repeated downloads, meaning if the server is leveraged to conduct an attack, several users could potentially be affected.

Apple has not commented on the matter, but most likely all these apps will be pulled from the store.

Ask NewsBytes
User Image

Most asked questions

How this malware could affect iPhones?

How to avoid apps like these?

Which is the best antivirus for iPhone security?

Can malware control my Android phone?

More questions

How this malware could affect iPhones?

Asked 2019-01-07 15:47:47 by Abhinav Rodrigues

Answered by NewsBytes

The malware-based attack could revolve around anything, from controlling your device to stealing files from it. However, it is very unlikely that something like this would happen on iOS-based devices.

How to avoid apps like these?

Asked 2019-01-07 15:47:47 by Aaryan Verma

Answered by NewsBytes

The best way to avoid malicious apps, be it on Android or on iOS, is by having an antivirus installed and downloading only trusted apps after checking their reviews.

Which is the best antivirus for iPhone security?

Asked 2019-01-07 15:47:47 by Abhinav Bhatnagar

Answered by NewsBytes

There are many, but the best ones, in our opinion, are Avira Mobile Security and McAfee Mobile Security. Both have got free and premium versions.

Can malware control my Android phone?

Asked 2019-01-07 15:47:47 by Vibhore Singhal

Answered by NewsBytes

Yes. There are many malware strains, which can be used to gain remote control of Android devices. Once a phone is infected, attackers can make calls or even send messages from it.

Next Timeline