Apple: Chinese malware is also found in the Mac App Store

Nathan Le Gohlisse

Hardware Specialist

August 09, 2022 at 3:30 p.m.



© Elchinator/Pixabay

The Mac App Store isn’t as secure as Apple wants it to be. A security researcher discovered that several applications containing malware have managed to make their way into the application market for the Cupertino giant’s computers.

Apple may dig in its heels against the installation of applications downloaded outside its App Store, but that does not make the group’s platform a sanctuary protected from all malware. Proof of this is on the Mac App Store, where Alex Kleber, a German security researcher active on the Twitter account @privacyis1st, discovered several infected applications.

Chinese malware on the Mac App Store

To uncover them, the researcher focused on the suspicious activities of seven different Apple developer accounts, all managed by the same Chinese developer. It turned out that these accounts do indeed violate the rules of the Mac App Store, and on several levels. First and foremost, the applications published by these accounts contain hidden malware capable of taking commands remotely from a server (via a command-and-control channel, as TechSpot highlights).

By opting for this technique, which consists of hiding the malware and activating it only later, the developer behind these dubious applications manages to pass Apple’s review. We even learn that the final form of certain applications is very different from the one initially submitted to Apple: their developer is able to drastically modify the interface afterwards, and remotely.

© TechSpot via Privacy 1st

Popular and perfectly innocent applications… in appearance

As TechSpot reports, these applications are also designed to communicate through services like Cloudflare and GoDaddy in order to hide their real hosting provider, which complicates analysis a little more. Pushing the analysis further, Alex Kleber also discovered that they all use a single password to decrypt a JSON file used to deceive the Apple review team. A single developer therefore seems to be behind these different apps.

To promote them, the developer uses a proven technique: buying fake reviews to artificially boost the apps’ attractiveness to inattentive users. Apple seems to have recently removed those reviews, as well as some of the incriminated applications themselves. It must be said that there was urgency: these apps notably took the form of utilities for opening and editing PDFs. Tools that could not be more common and innocuous, and that are often downloaded without paying much attention to them.

Sources: Privacy 1st, TechSpot
