During the past few days, several cybersecurity researchers have highlighted a plethora of malicious apps on the Mac App Store that tracks user data. While Apple continuously vows for ensuring user privacy and security, the presence of such apps on the Mac App Store has certainly riled people up – however, Apple seems to have finally taken notice of the reports from the researchers. Recently, Apple has taken down the famous app Adware Doctor from the app store after receiving reports about its data-stealing practices.
Famous App ‘Adware Doctor’ Stole User Data
A researcher with the alias Privacy1st on Twitter noticed the suspicious behavior of the famous Adware Doctor app. He then began working on this adware removal tool only to confirm his speculation for the app regarding its data pilfering practices. He presented his findings in a YouTube video, where he also showed the facts about another data tracking app ‘Komros’.
Adware Doctor from Mac AppStore stealing Mac Information
PoC: https://t.co/b8gBKIf4QL#MacOS #Apple #malware #virus #GDRP @AppStore @AppleSupport @kaspersky @Malwarebytes @avast_antivirus @Bitdefender @thomasareed @patrickwardle @objective_see @BleepinComputer @TheHackersNews
— Privacy 1st (@privacyis1st) August 5, 2018
While he kept reporting the matter repeatedly, the app remained there on the Mac App Store for about a month. Following his findings, another researcher, Patrick Wardle, stepped up to support his findings. He presented the POC in his blog post in which he also confirmed that the app pilfered user data and stored it on a Chinese server.
Apple Seemed Slow To Pull Off The App
Both the researchers, Privacy1st and Patrick Wardle clearly advised that they reported the app to Apple in the previous month. Although, Apple officials acknowledged the receipt of their complaints quickly, they then stated that they won’t be informing the researchers about any progress regarding their complaints. Since then, the app remained there on the app store, and they got no update about the fate of their complaints.
Thomas Reed from Malwarebytes Labs also states in his blog about this app, whilst highlighting numerous other apps that track user data. According to him, they have been watching this developer for the past three years. They have also reported the suspicious apps to Apple several times. However, the app kept entering the App Store repeatedly with different names.
“The developer of this app is one that we at Malwarebytes have had our eye on since 2015. At that time, we discovered an app on the App Store named Adware Medic—a direct rip-off of my own highly-successful app of the same name, which became Malwarebytes for Mac. We immediately began detecting this and contacted Apple about removing the app. It was eventually removed, but was replaced soon after by an identical app named Adware Doctor.”
He clearly deems it a “continued failure of Apple’s review process” that the same malicious app gets a place on the App Store again and again.
Adware Doctor Removed From Mac App Store
Nonetheless, after all the chaos, Apple has finally pulled off Adware Doctor from the Mac App Store after a month from the initial reports. However, Privacy1st still points out to the other malicious app from the same developer ‘Komros’ is still present.
Apple removed only the account which had Adware Doctor. Komros is still available and it is the second account of the same developer. Check the PoC Video: https://t.co/SbuQVc2FXt and screenshots. #Apple #AdwareDoctor #privacy pic.twitter.com/2bNcL1NoNr
— Privacy 1st (@privacyis1st) September 7, 2018
Besides, the researchers have also found some apps from the Trend Micro Company that also exfiltrate user data. Reportedly, these apps also send data to Chinese servers.
hey @TrendMicro nice way of doing dodgy business… exfiltrating user data with Open any Files and Dr. Cleaner… I ask myself why a company such as TrendMicro is registering the domain of Dr. Cleaner at a private person in China? Just curious…
— Privacy 1st (@privacyis1st) September 7, 2018
Hey @TrendMicro Told you that you are acting shady… Check the PoC: https://t.co/TnAQiKjxHS . Both Dr. Cleaner and Dr. Antivirus are exfiltrating user data. Check video and screenshots.
First reported by @thomasareed . @patrickwardle @BleepinComputer pic.twitter.com/R8xGBRYm18
— Privacy 1st (@privacyis1st) September 8, 2018
Hey @TrendMicro . Your MacOS app Dr.Unarchiver is doing same user data exfiltration. You are soo shady…
kudos to @_inside for finding.@AppleSupport @Apple @thomasareed @patrickwardle @BleepinComputer @Malwarebytes @TheHackersNews @9to5mac @MacRumors @ZDNet pic.twitter.com/5GGEkV5dvH
— Privacy 1st (@privacyis1st) September 9, 2018
Once again, as stated by Privacy1st, Apple has been formally informed of all these apps violating their app store guidelines. Earlier, Apple has removed Facebook’s Onavo VPN from the app store for collecting user data. We hope this time Apple removes the remaining malicious apps quickly but until then, all users should be wary of these apps. Make sure to thoroughly review the app permissions before using a newly installed app on your device.
Let us know your thoughts in the comments section.