Instead of cleaning adware, the Adware Doctor app is sending its users' browsing history to servers in China

Sep 7, 2018 12:49 GMT

Patrick Wardle, former NSA hacker and currently chief research officer at Digita Security, found that Adware Doctor is stealing its users' browser history from most popular web browsers, as well as recent App Store searches and a detailed list of processes running on the Mac, among other things.

The first to detect Adware Doctor's suspicious spyware-like behavior was a security researcher using the @privacyis1st Twitter handle. He also uploaded a YouTube video on August 10th, detailing the exact procedure used by Adware Doctor to grab and upload the user's browsing history.

In his blog post, Patrick Wardle details how, once Adware Doctor:Antimalware & Ad is done collecting your data, it quickly zips everything up into a history.zip file and uploads it, together with a JSON blob listing all the software downloaded on your Mac, to a Chinese server.

To do this, Adware Doctor bypasses the Mac App Store's sandbox restrictions so that it can access, copy and upload user files from the Mac it is installed on.

The application got through Apple's Mac App Store review process without raising any flags

It is tough to understand how an app which breaks a whole slew of rules from Apple's App Store Guidelines can be approved and published on the Mac App Store, and then go on to steal private data from its users.

In response to the report sent in by Wardle, Apple's Mac App Store Review team said: "We have forwarded your feedback to the appropriate team. Someone from this team will investigate and follow up as needed. Because we can only share communications about an app with its developer, you will not receive updates in this matter."

At the moment, Adware Doctor:Antimalware & Ad is still available through Apple's Mac App Store, despite Patrick Wardle reporting the issue in August. It sells for $4.99 and is the fifth app in the top paid apps in Apple's Mac App Store.

Below you can find a video recorded by Wardle to show how the Adware Doctor app is stealing browsing history from the Mac it is installed on.

UPDATE: Apple has finally removed the spyware-behaving app from the Mac App Store. When trying to access its Mac App Store page, an "Item Not Available" error message is displayed.
