Apple pulled more than a dozen iOS apps infested with adware from the App Store on Thursday (Oct. 24). The apps that slipped past Apple’s filters housed code designed to secretly click online ads and flood websites on behalf of bad actors hoping to make a buck.
Mobile security firm Wandera (opens in new tab) uncovered 17 free iOS apps loaded with this adware. The apps, which pose as mundane tools, acted in the background and concealed their intentions from users. Meanwhile, they generated money for the bad actors, who got paid for each ad click.
“The objective of most clicker Trojans is to generate revenue for the attacker on a pay-per-click basis by inflating website traffic,” Wandera said in its report. “They can
also be used to drain the budget of a competitor by artificially inflating the balance owed to the ad network."
Wandera found the clicker Trojan in apps written by India-based AppAspect. It’s unclear whether AppAspect knew about the malware. But Wandera says AppAspect’s Android apps on the Google Play Store had a similar bug in the past.
Adware is fairly commonplace among Android apps, especially those found in "off-road" app stores not controlled by Google. But it's very rare among iOS apps, so the discovery of more than a dozen at once might make you wonder how closely Apple is monitoring the App Store.
Before Apple removed 15 of these apps from the App Store, they were functional tools you might download for news, yoga poses or car information, aimed mainly at users in India. Wandera says the last two apps are still live, but it is monitoring their activity.
The adware-riddled apps
Here is a full list of all the apps Wandera identified as harboring clickware:
- RTO Vehicle Information
- EMI Calculator & Loan Planner
- File Manager – Documents
- Smart GPS Speedometer
- CrickOne – Live Cricket Scores
- Daily Fitness – Yoga Poses
- FM Radio – Internet Radio
- My Train Info – IRCTC & PNR
- Around Me Place Finder
- Easy Contacts Backup Manager
- Ramadan Times 2019
- Restaurant Finder – Find Food
- BMI Calculator – BMR Calc
- Dual Accounts
- Video Editor – Mute Video
- Islamic World – Qibla
- Smart Video Compressor
If you have any of these apps on your iPhone or iPad, you should delete them. They don’t pose an immediate threat to users, but they do use an infection method that genuinely dangerous malware can employ to infiltrate a mobile system. Stick to downloading apps with positive reviews from legitimate developers.