14 DAY TRIAL // There was a time when iPhones were considered almost unhackable, not only because of Apple’s walled garden, but also thanks to the restrictions that the company put in place for apps published in the App Store.
Those days are long gone, and infected iPhone apps make the rounds occasionally, as security researchers discover and report them to Apple for a complete removal before it’s too late.
This is the case of 17 different apps that were infected with a clicker trojan malware supposed to click ads in the background in order to generate revenue for their owner. Additionally, such apps could act against certain competitors by clicking unwanted ads in order to increase the cost a developer needs to pay to an ad network.
Wandera says the 17 apps, which you can find in full in the box after the jump, were all published by the same Indian developer called AppAspect Technologies Pvt. Ltd. and were available in various countries.
Similar Android campaign
Interestingly, apps from the same developer are also published in the Google Play Store on Android, but these are clean, presumably after previously been flagged as malware and updated versions got published.
“We tested all of the free iTunes Applications of the developer and the results show that 17 out of the 35 free applications are all infected with the same malicious clicker functionality and are communicating with the same C&C server,” Wandera explains in their research.
The apps can connect to a C&C server, and by the looks of things, it’s the same as that was used in the Android campaign.
“The apps identified by Wandera communicate with the same C&C server using a strong encryption cipher that the researchers have not yet cracked,” the researchers explain in their analysis.
Apple has already removed the infected apps, but right now, it’s not yet known how many devices got infected. For the time being, the recommended step is to remove the apps listed below, as clicker trojans could have an impact on device performance and battery life.