Wandera’s threat research team has discovered 17 apps on the Apple App Store that are infected with clicker Trojan malware. Like other similar malware, the clicker Trojan was designed to inflate website traffic and generate revenue on a pay-per-click basis.
The 17 infected applications were published in the App Store in various categories, including productivity, platform utilities, and travel. They reached the app storefront in various countries, all from the same developer, India-based AppAspect Technologies Pvt. Ltd.
The Trojan performs its ad fraud tasks in the background by continuously opening web pages and clicking on links without requiring any form of user interaction.
A security researcher said the developer has a total of 51 applications in the App Store, including 35 offered for free. Of these, 17 were found to be infected.
These are RTO Vehicle Information, EMI Calculator & Loan Planner, File Manager – Documents, Smart GPS Speedometer, CrickOne – Live Cricket Scores, Daily Fitness – Yoga Poses, FM Radio PRO – Internet Radio, My Train Info – IRCTC & PNR (not listed under developer profile), Around Me Place Finder, Easy Contacts Backup Manager, Ramadan Times 2019 Pro, Restaurant Finder – Find Food, BMI Calculator PRO – BMR Calc, Dual Accounts Pro, Video Editor – Mute Video, Islamic World PRO – Qibla, and Smart Video Compressor.
All of the infected apps communicate with the same command-and-control (C&C) server, which was previously exposed in a Dr. Web report on a clicker Trojan targeting Android.
The identified iOS applications use strong encryption to communicate with the C&C server. According to Dr. Web’s report, the Android apps that were communicating with the same server were gathering users’ private information, including device make and model, country of residence, and configuration details.
AppAspect Technologies has 28 applications published in Google Play at the moment, but none of them was found to be communicating with the aforementioned C&C server.
However, additional research found that AppAspect’s Android apps had been infected in the past and removed from the store. They have since been republished and don’t appear to have the malicious functionality embedded. It’s unclear whether the bad code was added intentionally or unintentionally by the developer.
Although one of the less frequently seen threats in the wild, mobile malware is being increasingly used in targeted attack scenarios, and the newly discovered applications prove that attackers are focusing more on introducing malware into official app sources, Wandera notes.