Apparently developer AppAspect Technologies is fond of embedding malware into its iOS apps.
17 apps from the developer were found to contain clicker malware that automatically clicked on ads and opened web pages in the background without user interaction.
The malware module bundled with the app SDKs communicated with a previously known command and control servers.
The malware was discovered in the following apps:
- RTO Vehicle Information
- EMI Calculator & Loan Planner
- File Manager – Documents
- Smart GPS Speedometer
- CrickOne – Live Cricket Scores
- Daily Fitness – Yoga Poses
- FM Radio – Internet Radio
- My Train Info – IRCTC & PNR (not listed under developer profile)
- Around Me Place Finder
- Easy Contacts Backup Manager
- Ramadan Times 2019
- Restaurant Finder – Find Food
- BMI Calculator – BMR Calc
- Dual Accounts
- Video Editor – Mute Video
- Islamic World – Qibla
- Smart Video Compressor
…the C&C server was used to communicate commands to the infected apps which could trigger targeted advertising, as well as the silent loading of websites, and remote reconfigurations on the device. One example involved users who had been fraudulently subscribed to expensive content services following the installation of an infected app.
The developer currently has no less than 51 apps available on the App Store. The 17 malware-containing apps mentioned before have been removed from the store.
Stay tuned for additional details as they become available.