07 Jan 2019
Over a dozen iPhone apps caught communicating with malware-linked server
Historically, the problem of malicious or fake apps has been more pronounced on Android than on iOS.
Every now and then, we hear about a malicious app sneaking into the Google Play Store and then being removed.
This time, however, it is iOS: over a dozen App Store apps have been caught communicating with a known malware-linked server, TechCrunch reported.
Here's more on the matter.
14 retro games tied to malware-linked server
Researchers at the security firm Wandera have spotted 14 different iOS apps communicating with a malware-associated server.
The apps, most of which were retro-style games, connected to a command-and-control (C&C) server that had earlier been used to spread the Golduck malware to Android phones.
More than a year ago, that campaign had compromised millions of users, giving attackers the ability to control the infected devices remotely.
Games not infected, but server poses risk
The games came to light because Wandera's team, which had been monitoring the malware-associated server, observed connections to it from iOS devices.
It is worth noting, however, that the apps themselves were not found to be infected with the malware.
The concern is the C&C server they talk to: it has already been used to push Golduck to Android devices through classic and retro games, and the same infrastructure could be turned against iPhones.
How could this server be used to compromise iPhones?
All the apps in question display ads by taking commands from the server, and they send some device-related data (IP address, device type and, in some cases, location data) back to it.
That traffic is benign in itself, but the researchers said the same ad-delivery channel could be used to install a malicious package on iOS devices and compromise user security.
Worryingly, these apps have been downloaded nearly a million times
The risk is greater still given that the 14 apps have together been downloaded nearly a million times.
The figure, which comes from Sensor Tower, excludes repeat downloads, so if the server were leveraged for an attack, a large number of users could be affected.
Apple has not commented on the matter, but the apps will most likely be pulled from the store.
Comment from researchers on possible attack
"A hacker could easily use the secondary advertisement space to display a link that redirects the user and dupes them into installing a provisioning profile or a new certificate that ultimately allows for a more malicious app to be installed," Wandera researchers told TechCrunch.
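The two behaviours the article describes (apps sending device data to the C&C host, and an ad redirect leading to a configuration-profile install) are both visible in egress traffic, so they can be flagged from a web proxy log even though the apps themselves carry no malware. The script below is an added example written for this page, not Wandera's tooling or anything from the apps in question. The log format, the sample lines and the `c2.example.invalid` indicator are all constructed placeholders (the article does not name the real C&C domain); the `application/x-apple-aspen-config` MIME type and the `.mobileconfig` extension are how iOS actually serves configuration profiles.

```python
"""Detection sketch for the behaviours described above: iOS devices talking to
a known C&C host (and posting device data to it), and an ad redirect that lands
on an iOS configuration profile. Constructed example, not the researchers' code."""
import re
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Assumed indicator list. The real C&C domain is not given in the article, so a
# reserved .invalid placeholder stands in for it here.
C2_HOSTS = {"c2.example.invalid"}

# iOS configuration/provisioning profiles are served with this MIME type, usually
# as a .mobileconfig file; Safari then prompts the user to install the profile.
PROFILE_MIME = "application/x-apple-aspen-config"
PROFILE_EXT = ".mobileconfig"

# Query parameters matching the device data the apps were observed sending.
TELEMETRY_KEYS = {"ip", "type", "lat", "lon"}

# Assumed (constructed) proxy log format:
#   <timestamp> <client> <method> <url> <status> <content-type> "<user-agent>"
LOG_RE = re.compile(
    r'^(?P<ts>\S+) (?P<src>\S+) (?P<method>[A-Z]+) (?P<url>\S+) '
    r'(?P<status>\d{3}) (?P<ctype>\S+) "(?P<ua>[^"]*)"$'
)


@dataclass(frozen=True)
class Alert:
    src: str      # client device address
    reason: str   # known-c2-host | device-data-to-c2 | profile-install
    url: str


def parse_line(line: str) -> Optional[dict]:
    """Return the log fields, or None for a line that does not match the format."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def is_ios(user_agent: str) -> bool:
    return "iPhone" in user_agent or "iPad" in user_agent


def analyse(log_text: str) -> list[Alert]:
    """Run the three checks over every well-formed line of the log."""
    alerts: list[Alert] = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        parts = urlsplit(rec["url"])
        host = (parts.hostname or "").lower()
        params = parse_qs(parts.query)

        # 1. Any connection to the C&C infrastructure is worth an alert,
        #    whether or not the app carrying it is itself infected.
        if host in C2_HOSTS:
            alerts.append(Alert(rec["src"], "known-c2-host", rec["url"]))
            # 2. The same request carrying device identifiers or location.
            if TELEMETRY_KEYS.intersection(params):
                alerts.append(Alert(rec["src"], "device-data-to-c2", rec["url"]))

        # 3. An iOS client being handed a configuration profile, which is the
        #    step the researchers' attack scenario depends on.
        if is_ios(rec["ua"]) and (
            rec["ctype"].lower().startswith(PROFILE_MIME)
            or parts.path.lower().endswith(PROFILE_EXT)
        ):
            alerts.append(Alert(rec["src"], "profile-install", rec["url"]))
    return alerts


def devices_at_risk(alerts: list[Alert]) -> dict[str, set[str]]:
    """Group alert reasons per client so a device with several hits stands out."""
    out: dict[str, set[str]] = {}
    for a in alerts:
        out.setdefault(a.src, set()).add(a.reason)
    return out


# Constructed sample traffic, not real captures. One iPhone beacons to the C&C
# placeholder with device data, follows an ad click and is served a profile;
# a Mac browsing an ordinary site is there as a negative case.
SAMPLE_LOG = """\
2019-01-07T10:00:01Z 10.0.0.21 GET http://c2.example.invalid/ad?cmd=show&ip=10.0.0.21&type=iPhone&lat=51.5&lon=-0.1 200 application/json "Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) RetroGame/1.0"
2019-01-07T10:00:05Z 10.0.0.21 GET https://ads.example.invalid/click?id=42 302 text/html "Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) RetroGame/1.0"
2019-01-07T10:00:06Z 10.0.0.21 GET https://profile.example.invalid/enroll.mobileconfig 200 application/x-apple-aspen-config "Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) Safari/604.1"
2019-01-07T10:00:09Z 10.0.0.33 GET https://www.example.invalid/index.html 200 text/html "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14)"
"""

if __name__ == "__main__":
    for src, reasons in devices_at_risk(analyse(SAMPLE_LOG)).items():
        print(src, sorted(reasons))
```

The first check is the one that matters here: because the apps were clean, an on-device scanner finds nothing, and only the destination host gives the game away. The profile check is deliberately broader than the C&C check, since a profile pushed through an ad network will arrive from a host that is not on any indicator list; in practice that rule should be tuned to exclude your own MDM enrolment host.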