Pages

New Alert Issued For The Mac App Store As Fraudulent Apps Take Center Stage

Apple has stuck with its claims that its App Store is one of the safest places that users can trust. But a new report by a researcher is raising the alarm on some recent findings.

Thanks to the security researcher that was recently identified with the name Privacy1st, we’re getting news about a series of fraudulent applications from China that are wandering around the Mac App Store and tricking users too.

The developers behind the apps have seemed to crack the code on how to bypass Apple’s stringent review process and carry on with the distribution side of things.

The apps are readily being taken up for numerous Apple devices like iPhones, MacBooks, and even iPad users, meaning the threat is definitely alarming and spreading.

But how exactly are these apps managing to trick reviewers on the App Store?

Well, a recent report was published by the security researcher on Medium, which also gained widespread support from an ex-NSA staff member named Patrick Wardle.

The study evaluated up to seven different accounts linked to Apple developers that were all found to be handled or managed by a single developer from China.

The apps were proven to abuse the stringent protocols in place on Apple’s App Store through several means.


For starters, the apps were witnessed to entail all sorts of hidden malware that received orders from a single server. By this means, the malware code stands in waiting mode until it gets approval from the App Store’s review board.

But once allowed to go live, it enables developers to alter the entire interface and you end up getting a whole new app than what was initially approved at the start by reviewers. Once ready, it’s shipped out to users who get tricked or deceived into downloading them, only to realize later the trap.

Remember, just because different developers or accounts are shipping out the apps doesn’t mean they aren’t linked. The apps continue to carry on with communications with various types of domains such as Cloudflare which disguises its hosting provider.

Another interesting feature that has been witnessed is how the apps’ privacy policy actually redirects you to another site or public page that was developed by Google’s site.

Researchers found that another thing that all of these fraudulent apps have in common is the fact that they all make use of the exact same password that can be utilized for decrypting JSON files.

And that is exactly what tactics it uses to mislead the review team on Apple’s App Store.

There are some conditions where the developer ends up publishing similar apps under various accounts. The whole idea is to expand reach while enabling tracking of various users.

One of the malicious apps outlined happens to read PDFs. This was enlisted to be one of the most frequently installed applications across the App Store in the US. And once you fall into the trap, users get tricked into actually making payments for various subscriptions.

And if that doesn’t seem fishy, well, it also has plenty of fake reviews on the app store about how great it is. There are zero negative reviews that speak about how the app doesn’t even work, making the whole problem so much worse.

All of these reviews are totally fake and end up being bought by developers for positive publicity.

Ever since the report by security researchers was published, Apple has taken action and removed plenty of fake reviews linked to these apps. Also, fewer fraudulent apps are also being seen across the platform, showing how active Apple is at removing such threats.

Read next: Apple Plans To Wipe Out Passwords Forever As Company Puts Its Passkeys Into The Spotlight

No comments: