Just a few short days after multiple cyber-security researchers independently confirmed that a Mac App Store malware called ‘Adware Doctor’ was collecting users’ browsing history on the sly and sending them over to their servers in China, new reports suggest that a number of other programs on the platform may have also been indulging in similar nefarious activities.
According to research conducted by cyber-security researchers Thomas Reed of Malwarebytes, Patrick Wardle of Objective-See and @privacyis1st, several popular App Store apps not only access users’ private data against App Store guidelines, but have also been sending that info in zipped files to remote servers without user permission.
Apart from Adware Doctor, the apps that have so far been identified as behaving deceptively, include Dr. Antivirus, Dr. Cleaner, Dr. Unarchiver, Dr. Cleaner, Dr. Antivirus and Open Any Files: RAR Support. What’s even more disconcerting is that the apps aren’t the work of some small-time fly-by-night developer, but are believed to be distributed by well-known security software firm, Trend Micro.
As pointed out in the tweet below, complaints about misbehaving Trend Micro apps were lodged on Malwarebytes forums as far back as in 2017, when user PeterNopSled claimed that the Open Any Files: RAR Support app was hijacking browsing history and uploading it to their servers in a zip archive with the password ‘novirus’.
All the apps named in the report have since been removed from the Mac App Store by Apple, so Beebom was unable to independently confirm these claims, but 9to5Mac says it was able to detect and verify that at least one of the blacklisted apps, Dr. Unarchiver, did, indeed, tried to upload a file to a remote server after gaining permission to access the home directory.
While Mac and iPhone users often claim that their devices are safer than Windows PCs and Android smartphones, it is becoming increasing evident that iOS and macOS are not as safe from malware as is often believed to be the case.