Senior privacy researcher Alex Kleber has identified seven Mac App Store apps that spread malware. According to Kleber’s Medium report, the malicious apps, masquerading as PDF editors, screen recorders and more, share the same cybercriminal behind them: a Chinese developer who managed to bypass Apple’s review team.
The apps rely on a command-and-control (C&C) channel, which lets the cybercriminals issue commands from a central server and thereby hijack and administer the compromised victims’ devices.
The 7 Malware Infected Mac Apps
“How did this Chinese developer manage to bypass Apple’s very strict review process?” you may wonder. As it turns out, the Cupertino-based tech giant’s review team often saw a completely different user interface from the one in the final version: the malicious actor used the command-and-control channel to change the user interface instantly, after the review had been passed.
Here are the malware-infested applications that Kleber found during his investigation:
1. PDF Reader for Adobe PDF files – Sunnet Technology Inc.
2. Word Writer Pro – Netozo Limited
3. Screen Recorder – Safeharbor Technology L Ltd.
4. Webcam Expert – Widfire Technology Inc.
5. Stream Browser Video Player – Boulevard Technology Ltd
6. PDF editor for Adobe files – Polarnet Co., Ltd.
7. PDF Reader – sho lu
Interestingly, four of the seven apps landed among the top 15 apps in their category. For example, PDF Reader for Adobe PDF files was #1 in the US Education chart, and Screen Recorder was #12 on the same chart. Stream Browser Video Player was #8 in the US Entertainment chart, and PDF editor for Adobe files came in at #11 in the US Business chart. What does this mean? This malicious developer has been making huge profits thanks to the high visibility of the apps.
It’s also worth noting that the malicious actor hired fake reviewers to write testimonials about their “experiences” with the seven apps. “It appears that most of the five-star reviews in the US App Store are not in the original English language. Fake reviews can easily be purchased anywhere in the world,” Kleber said.
Kleber also discovered that the cybercriminals submitted the same apps from different developer accounts to “earn as much market share as possible,” a practice prohibited by Apple’s review guidelines and the Apple Developer Agreement.
Finally, Kleber detected the apps downloading data “abusively” that had nothing to do with their stated purpose, which could cause problems on victims’ devices.
How to avoid malicious Mac apps
Although Apple prides itself on providing one of the most secure operating systems on the market, even the best MacBooks can’t avoid the most deceitful cybercriminals. Check out the best antivirus apps to keep your system safe from invading malware.