17 apps from iOS developer AppAspect Technologies Pvt. Ltd. were found to contain clicker malware that automatically clicked on ads and opened web pages in the background without user interaction.
The malware module bundled with the app SDKs communicated with a previously known command and control server. The apps were found in a wide range of App Store categories like utilities, travel, productivity, and more. Here’s the full list:
- RTO Vehicle Information
- EMI Calculator & Loan Planner
- File Manager – Documents
- Smart GPS Speedometer
- CrickOne – Live Cricket Scores
- Daily Fitness – Yoga Poses
- FM Radio – Internet Radio
- My Train Info – IRCTC & PNR (not listed under developer profile)
- Around Me Place Finder
- Easy Contacts Backup Manager
- Ramadan Times 2019
- Restaurant Finder – Find Food
- BMI Calculator – BMR Calc
- Dual Accounts
- Video Editor – Mute Video
- Islamic World – Qibla
- Smart Video Compressor
…the C&C server was used to communicate commands to the infected apps which could trigger targeted advertising, as well as the silent loading of websites, and remote reconfigurations on the device. One example involved users who had been fraudulently subscribed to expensive content services following the installation of an infected app.
Currently the developer has 51 apps on the App Store although these 17 have been removed.