Apple has removed 17 apps that contained malware from the App Store. The apps, all from the same developer, successfully evaded the store’s app review process.
The apps covered a wide range of categories, and included an Internet radio app, a restaurant-finder, GPS speedometer, and more.
The apps were discovered by mobile security company Wandera, which said the apps perform the tasks they claimed they do, but secretly communicate with a known command and control (C&C) server to simulate user interactions in order to fraudulently collect ad revenue.
The clicker trojan module discovered in this group of applications is designed to carry out ad fraud-related tasks in the background, such as continuously opening web pages or clicking links without any user interaction.
The objective of most clicker trojans is to generate revenue for the attacker on a pay-per-click basis by inflating website traffic. They can also be used to drain the budget of a competitor by artificially inflating the balance owed to the ad network.
While no direct damage was done to the app user or their device, the background activity would use up mobile data, while also potentially slowing the device and draining the battery.
Wandera says the apps were able to evade the App Store review process, due to the fact that the apps didn’t contain malicious code, but instead received their instructions on what to do from a remote server.
The apps containing the malware were:
All 17 infected apps were published on the App Stores in various countries by the same developer, India-based AppAspect Technologies Pvt. Ltd.