Chinese malware hides in App Store apps for macOS


A Chinese publisher has managed to slip past Apple's vetting, and the company accepted its malicious applications onto the App Store for macOS.

Apple makes the security of the App Store a centerpiece of its messaging, using it to justify an ecosystem more closed than Android or Windows. But even Apple is not infallible and can overlook threats. That is the finding of a report by Alex Kleber, a cybersecurity researcher, who identified several malicious Chinese applications on the macOS App Store.

The investigation uncovered seven different Apple developer accounts that actually belong to a single China-based publisher. Applications from this publisher contain hidden malware that can receive commands from a server. The malicious code can therefore be activated only after the application in question has been approved by the App Store, which lets it evade Apple's security checks.

Fake reviews and paid subscriptions for macOS App Store apps

Using this technique, the developer can even completely change the interface of the application. The app validated by Apple therefore bears no resemblance to the app that is ultimately downloaded and installed by users. To make the operators harder to trace, all communication goes to domains that use services like Cloudflare and GoDaddy, which allows them to hide their hosting provider.

One of the applications is a PDF reader that has been downloaded countless times on the App Store for macOS in the United States, even making it one of the most installed apps. The app requires a paid subscription, while it offers the same functionality as any ordinary free PDF reader, or does not work at all.

To make the app look legitimate and encourage users to download it, it is flooded with fake positive reviews, which bury the genuine reviews denouncing it. Since the report's release, Apple has responded by removing many fake reviews of these apps. Some of the apps have even been removed from the App Store altogether.

Source: Medium


