New research from Wandera finds over a dozen iPhone apps linked to the Golduck malware. The findings underline that fake apps are by no means an Android-only problem.
Golduck malware infects the device with adware and may also lead to complete device compromise. In 2017, researchers found several classic game apps on the Google Play store which, once installed, silently downloaded an extra APK file containing malicious code. At the time, more than 10 million users were affected.
Now, researchers from Wandera say they have discovered 14 iPhone game apps covertly communicating with the same command and control (C&C) server associated with Golduck. The iOS apps discovered by Wandera are innocent-looking retro games. They are not malware themselves, but they do give attackers a way into a victim's iOS device.
Here’s the list:
- Block Game
- Bomber Game: Classic Bomberman
- Bounce Classic Legend
- Brain It On: Stickyman Physics
- Chicken Shoot Galaxy Invaders
- Classic Bomber: Super Legend
- Classic Brick – Retro Block
- Commando Metal: Classic Contra
- Classic Tank vs Super Bomber
- Roy Adventure Troll Game
- Super Adventure of Maritron
- Super Pentron Adventure: Super Hard
- The Climber Brick
- Trap Dungeons: Super Adventure
Malware is Not an Android-Only Problem
It is a widely held belief that malware is an Android-only problem. This deeply rooted misconception stems from the fact that the Android mobile operating system is inherently more customisable than iOS. Wandera's Threat Research team's recent discoveries underline that malware is an iOS problem too.
The data firm Sensor Tower estimates that the iPhone apps have been installed close to one million times since they were released.
At the time of writing, none of them appear to be available any longer from the US App Store. While Wandera has so far found the communication between the affected apps and the known malware domain to be benign, that could change.
“The apps themselves are technically not compromised; while they do not contain any malicious code, the backdoor they open presents a risk for exposure that our customers do not want to take,” the researchers note.
“A hacker could easily use the secondary advertisement space to display a link that redirects the user and dupes them into installing a provisioning profile or a new certificate that ultimately allows for a more malicious app to be installed.”
The apps were distributed through the App Store, so users had no reason to expect them to be a risk. But as this example shows, a trusted app that fetches content from attacker-controlled infrastructure can be used to deliver malicious links to its users.
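The finding above rests on one observable: otherwise harmless apps whose traffic reaches a domain already tied to a known malware family. The script below is an added example of how a defender could run that check over mobile proxy or DNS logs; it is not Wandera's tooling, and the log format, the bundle identifiers and the C&C domain in it are constructed placeholders, since the article does not publish the Golduck domain. It matches on label boundaries so that a look-alike domain does not produce a false positive, and it groups hits by app so that a single noisy device does not hide which app is responsible.

```python
"""Flag apps whose network traffic reaches a known malware C&C domain.

Added example, not Wandera's code. The log format, bundle identifiers
and the C&C domain below are constructed placeholders.
"""
import re
from collections import defaultdict

# Constructed blocklist: replace with the real indicator(s) from a threat feed.
KNOWN_C2_DOMAINS = {"golduck-c2.example"}

# Constructed proxy/DNS log format: "<timestamp> <device> <bundle_id> <host>"
LOG_LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<device>\S+)\s+(?P<bundle>\S+)\s+(?P<host>\S+)$"
)

# Constructed sample log. Includes a look-alike domain, a subdomain of the
# blocked domain, and an upper-case FQDN form with a trailing dot.
SAMPLE_LOG = """\
2019-01-21T10:01:02Z ipad-07 com.example.blockgame cdn.ads.example
2019-01-21T10:01:05Z ipad-07 com.example.blockgame api.golduck-c2.example
2019-01-21T10:02:10Z iphone-12 com.example.bomber golduck-c2.example
2019-01-21T10:02:11Z iphone-12 com.example.notes notgolduck-c2.example
2019-01-21T10:03:00Z iphone-12 com.example.bomber GOLDUCK-C2.EXAMPLE.
"""


def host_matches(host, blocklist):
    """True if host equals a blocked domain or is a subdomain of one.

    Comparison is case-insensitive and ignores a trailing dot (FQDN form).
    The suffix check is done on a label boundary, so
    'notgolduck-c2.example' does not match 'golduck-c2.example'.
    """
    h = host.lower().rstrip(".")
    for bad in blocklist:
        b = bad.lower().rstrip(".")
        if h == b or h.endswith("." + b):
            return True
    return False


def find_c2_contacts(log_text, blocklist=KNOWN_C2_DOMAINS):
    """Return {bundle_id: sorted list of (device, host)} for matching lines."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_LINE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        if host_matches(m["host"], blocklist):
            hits[m["bundle"]].add((m["device"], m["host"]))
    return {bundle: sorted(v) for bundle, v in hits.items()}


if __name__ == "__main__":
    for bundle, contacts in find_c2_contacts(SAMPLE_LOG).items():
        print(bundle)
        for device, host in contacts:
            print(f"  {device} -> {host}")
```

A match only shows that the app reached the indicator's infrastructure; as Wandera notes, the content exchanged may be benign today. Treat a hit as a reason to block or remove the app and to review what it downloaded, not as proof of compromise on its own.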