
7 popular Mac apps were found with malware — are they on your device?


Privacy 1st researcher Alex Kleber caught seven Mac apps spreading malware. According to Kleber's Medium report, the malicious apps, masquerading as PDF editors, screen recorders, and more, have the same cybercriminal behind them: a Chinese developer who managed to bypass Apple's review team.

The apps rely on command-and-control (C&C), a technique that lets cybercriminals issue commands from a centralized server, allowing them to hijack and manage victims' compromised devices.

The 7 malware-infested Mac apps

"How did this Chinese developer manage to sidestep Apple's ultra-strict review process?" you may be wondering. Well, as it turns out, the Cupertino-based tech giant's vetting team often saw a completely different UI compared to the final version. The malicious actor used C&C to alter the UI on the fly.

The following are the malware-infested apps Kleber found during his investigation:

1. PDF Reader for Adobe PDF Files - Sunnet Technology Inc.

2. Word Writer Pro - Netozo Limited

3. Screen Recorder - Safeharbor Technology L Ltd.

4. Webcam Expert - Widfire Technology Inc.

5. Streaming Browser Video Player - Boulevard Technology Ltd

6. PDF Editor for Adobe Files - Polarnet Limited

7. PDF Reader - Xu Lu

Interestingly, four out of the seven apps landed among the top 15 in their categories. For example, PDF Reader for Adobe PDF Files was #1 on U.S. Chart Education; Screen Recorder was #12 on the same chart. Streaming Browser Video Player was #8 on U.S. Chart Entertainment. PDF Editor for Adobe Files slid into #11 on U.S. Chart Business. What does this mean? This malicious developer was generating significant revenue due to the apps' high visibility.

It's also worth noting that the malicious actor employed fake reviewers to write false testimonials about their "experiences" with the seven apps. "Most of the 5 star reviews in the US App Store appear to be non-native English. Fake reviews can easily be bought from anywhere in the world," Kleber said.

Kleber also discovered that the cybercriminal spammed the same apps from different developer accounts to "gain as much market share as possible," a practice that is prohibited (according to Apple's Review Guidelines and Apple Developer Agreement).

Finally, Kleber spotted the apps "abusively" downloading data that is completely irrelevant to their purpose, which could spell trouble for victims' devices.

How to avoid malicious Mac apps

Though Apple boasts that it provides one of the most secure operating systems on the market, even the best MacBooks can't avoid the most deceptive cybercriminals. Check out the best antivirus apps to keep your system safe from invasive, malicious software.

Kimberly Gedeon, holding a Master's degree in International Journalism, launched her career as a journalist for MadameNoire's business beat in 2013. She loved translating stuffy stories about the economy, personal finance and investing into digestible, easy-to-understand, entertaining stories for young women of color. During her time on the business beat, she discovered her passion for tech as she dove into articles about tech entrepreneurship, the Consumer Electronics Show (CES) and the latest tablets. After eight years of freelancing, dabbling in a myriad of beats, she's finally found a home at Laptop Mag that accepts her as the crypto-addicted, virtual reality-loving, investing-focused, tech-fascinated nerd she is. Woot!