Privacy 1st researcher Alex Kleber caught seven Mac apps spreading malware. According to Kleber's Medium report, the malicious apps, masquerading as PDF editors, screen recorders, and more, have the same cybercriminal behind them: a Chinese developer who managed to bypass Apple's review team.
The apps utilize an exploit called command-and-control (C&C), which lets cybercriminals issue commands from a centralized server, allowing them to hijack and manage victims' compromised devices.
The 7 malware-infested Mac apps
"How did this Chinese developer manage to sidestep Apple's ultra-strict review process?" you may be wondering. Well, as it turns out, the Cupertino-based tech giant's vetting team often saw a completely different UI compared to the final version. The malicious actor used the C&C exploit alter the UI on the fly.
The following are the malware-infested apps Kleber found during his investigation:
1. PDF Reader for Adobe PDF Files - Sunnet Technology Inc.
2. Word Writer Pro - Netozo Limited
3. Screen Recorder - Safeharbor Technology L Ltd.
4. Webcam Expert - Widfire Technology Inc.
5. Streaming Browser Video Player - Boulevard Technology Ltd
6. PDF Editor for Adobe Files - Polarnet Limited
7. PDF Reader - Xu Lu
Interestingly, four out of the seven apps landed among the top 15 in its category. For example, PDF Reader for Adobe PDF Files was #1 on U.S. Chart Education; Screen Recorder was #12 on the same chart. Streaming Browser Video Player was #8 on U.S. Chart Entertainment. PDF Editor for Adobe Files slid into #11 on U.S. Chart Business. What does this mean? This malicious developer was generating significant revenue due to apps' high visibility.
It's also worth noting that the malicious actor employed fake reviewers to write false testimonials about their "experiences" with the seven apps. "Most of the 5 star reviews in the US App Store appear to be non-native English. Fake reviews can easily be bought from anywhere in the world," Kleber said.
Kleber also discovered that the cybercriminal spammed the same apps from different developer accounts to "gain as much market share as possible," a practice that is prohibited (according to Apple's Review Guidelines and Apple Developer Agreement).
Finally, Kleber spotted the apps "abusively" downloading data that is completely irrelevant to their purpose, which could spell trouble for victims' devices.
How to avoid malicious Mac apps
Though Apple boasts that it provides one of the most secure operating systems on the market, even the best MacBooks can't avoid the most deceptive cybercriminals. Check out the best antivirus apps to keep your system safe from invasive, malicious software.
