The Apple App Store recently pulled 17 apps that were infected with clicker trojan malware. The apps themselves don’t have anything that would alert the detection services in the Apple App Store. Instead, the apps communicate with a known command and control server, or C&C server. The server tells the app to simulate user interactions to collect ad revenue fraudulently. The cybersecurity company, Wandera, discovered the apps and reported them to the Apple App Store.
In the case of the clicker trojan module that Wandera discovered, the apps were designed to execute ad fraud-related tasks in the background. These actions could occur without the user even knowing. Some of the actions included repeatedly opening web pages or clicking PPC ads continuously.
These actions would generate revenue for the attacker by inflating web traffic on a pay-per-click basis. The apps could also be used to deplete the budget of a competitor by inflating the balance owed to the ad network.
Wandera classified these trojans as malware, similar to the classification used by Malwarebytes and F-Secure.
Now that we have brought you up to speed on the background and motive of the bad apps, you may be wondering what applications were included in the scam. The list below covers the 17 malicious apps:
The 17 malicious apps were found in app stores in a variety of countries. All of them came from the same developer, AppAspect Technologies Pvt. Ltd.
Below is an image of the apps so you can better detect them on your phone or other mobile devices if you do have them:
According to Wandera, AppAspect Technologies Pvt. Ltd. has over 50 apps in the Apple App Store, with 35 being free to download. The tests performed by Wandera on the 35 free apps showed that 17 of them were infected with the clicker trojan and were communicating with the same C&C server. This server was discovered by Dr. Web and was part of a similar clicker trojan infestation on Android products.
Although you don’t actively see these apps doing anything malicious, they can slow down your mobile device and/or increase your mobile data costs. It is important to remove these apps from your devices as soon as possible if they aren’t already gone.
The latest malware issue is being called “Reductor” and seems to be focused on Chrome and Firefox users. The malware was discovered by the security team at Kaspersky. They came across the malware earlier this year and, after a lengthy investigation, they have released a report detailing their findings.
If your system becomes infected with Reductor, it can be exposed to attack over the network. The malware is a Remote Access Trojan or RAT, an appropriate acronym. Through this RAT, a hacker can upload, download, or execute files. According to Kaspersky’s report, they aren’t yet sure what the hackers’ endgame is with regard to creating the malware and releasing it into the wild.
Kaspersky’s security research team states:
“Analysis of the malware allowed us to confirm that the operators have some control over the target’s network channel and could replace legitimate installers with infected ones on the fly. That places the actor in a very exclusive club, with capabilities that few other actors in the world have.”
The security researchers at Kaspersky haven’t seen a widespread appearance of this malware, but they are being proactive. Now that the malware has been identified, antivirus companies can add it to their database. Once added to their antivirus software, the malware can be detected and deleted when the system is scanned.
To make sure that your computer is safe, run a system scan through your antivirus software. If you don’t have an antivirus program on your computer, stop reading this right now and go download one. Some of the top-rated antivirus programs are:
As always, you should be careful when you’re online. Don’t download software from unofficial sources and avoid opening suspicious email attachments.
If you have good antivirus software on your computer, you will be protected from malicious content.
Enjoy surfing the web and let’s be safe out there.