Chinese malware hides in App Store apps for macOS
A China-based publisher managed to slip past Apple's review process, which accepted malicious applications onto the Mac App Store.
Apple builds much of its marketing around the security of the App Store, its application store, and uses it to justify an ecosystem more closed than Android's or Windows'. But even Apple is not infallible and can miss threats. That is the finding of a report by cybersecurity researcher Alex Kleber, who identified several malicious Chinese apps on the Mac App Store.
The investigation uncovered seven different Apple developer accounts that in fact belong to a single China-based publisher. Applications from this publisher contain hidden malicious code that receives commands from a remote server. Because that code is only switched on by those commands once the app is already live on the App Store, it stays dormant while Apple reviews the app and so evades Apple's security checks.
Investigation report about the abuse of the Mac App store
Using this technique, the developer can even change the application's interface entirely, so the app Apple validated bears no resemblance to the app users end up running after installing it. To make the operation harder to trace, all communication goes to domains fronted by services such as Cloudflare and GoDaddy, which hides the real hosting provider.
One of the applications is a PDF reader that has been downloaded countless times from the Mac App Store in the United States, making it one of the most installed apps there. The app requires a paid subscription while offering nothing beyond the features of any ordinary free PDF reader, and in some cases it does not work at all.
To make the app look legitimate and encourage users to download it, its listing is flooded with fake positive reviews that bury the genuine reviews denouncing it. Since the report's release, Apple has responded by removing many of the fake reviews for these apps, and some of the apps are no longer available on the App Store at all.
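A practitioner triaging an app like the ones described would want to know which of the endpoints it contacts are fronted by a proxy/CDN, since those are exactly the ones whose real hosting cannot be attributed from the IP. The following is an added example, not code from the article or from Kleber's report: it pulls hostnames out of a binary's printable strings (the way `strings | grep` would), resolves them through an injectable resolver, and flags any address that falls inside Cloudflare's published IP ranges. The sample binary fragment, the hostnames in it and the resolution table are all constructed for the example; the Cloudflare ranges are a snapshot of the list Cloudflare publishes and should be refreshed before real use.

```python
"""
Added example: find CDN/proxy-fronted endpoints embedded in an app binary.
Not part of the article or of the cited report; hostnames and IPs below
are constructed sample data.
"""
import ipaddress
import re
from typing import Callable, Dict, List, Optional

# Snapshot of Cloudflare's published IPv4 ranges (https://www.cloudflare.com/ips/).
# Refresh from that page before relying on it; this is only a snapshot.
CLOUDFLARE_V4 = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "103.22.200.0/22", "103.31.4.0/22",
    "141.101.64.0/18", "108.162.192.0/18", "190.93.240.0/20", "188.114.96.0/20",
    "197.234.240.0/22", "198.41.128.0/17", "162.158.0.0/15", "104.16.0.0/13",
    "104.24.0.0/14", "172.64.0.0/13", "131.0.72.0/22",
)]

# Deliberately loose hostname matcher: dotted labels ending in a 2+ letter TLD.
# It will also pick up things like bundle identifiers ("com.example.app");
# those simply fail to resolve and are reported as such.
HOST_RE = re.compile(rb"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}",
                     re.IGNORECASE)

# Constructed fragment standing in for the string table of a Mach-O binary.
SAMPLE_STRINGS = (b"\x00\x00https://api.example-update.net/v1/cmd\x00"
                  b"cdn.example-static.com\x00com.example.pdfreader\x00NSString\x00")

# Constructed offline resolution table. For a live run pass
# `lambda h: socket.gethostbyname(h)` (wrapped to return None on failure).
FAKE_DNS = {
    "api.example-update.net": "104.16.12.34",   # inside 104.16.0.0/13
    "cdn.example-static.com": "203.0.113.7",    # TEST-NET-3, not Cloudflare
}
FAKE_RESOLVER = lambda host: FAKE_DNS.get(host)


def extract_hostnames(blob: bytes) -> List[str]:
    """Unique hostname-looking strings in the blob, in order of first appearance."""
    found: List[str] = []
    for m in HOST_RE.finditer(blob):
        host = m.group(0).decode("ascii").lower()
        if host not in found:
            found.append(host)
    return found


def is_cloudflare(ip: str) -> bool:
    """True if the IPv4 address sits in one of the snapshot Cloudflare ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_V4)


def classify_hosts(blob: bytes,
                   resolve: Callable[[str], Optional[str]]) -> Dict[str, str]:
    """Map each embedded hostname to 'cloudflare-fronted', 'direct' or 'unresolved'."""
    report: Dict[str, str] = {}
    for host in extract_hostnames(blob):
        ip = resolve(host)
        if ip is None:
            report[host] = "unresolved"
        elif is_cloudflare(ip):
            report[host] = "cloudflare-fronted"
        else:
            report[host] = "direct"
    return report


if __name__ == "__main__":
    for host, verdict in classify_hosts(SAMPLE_STRINGS, FAKE_RESOLVER).items():
        print(f"{host:28} {verdict}")
```

Being behind Cloudflare is not itself a sign of malice; countless legitimate apps use it. The value of the check is in narrowing the list: an endpoint marked `cloudflare-fronted` cannot be attributed to a hosting provider from its IP, so it is the one to pin down with other evidence (registrar records, certificate transparency logs, or observing the app's traffic after it receives its first server command).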