Fraudulent Chinese Apps Elude Apple’s Strict Mac App Store Review Process

Independent research found several fraudulent Chinese apps available on the Mac App Store. Said apps seem to have bypassed Apple’s review team and managed to get into the Mac App Store as legitimate apps.

Fraudulent Chinese Apps Slip Past Apple’s Review Team

The researcher, identified as “Privacy1St” (Alex Kleber), posted his findings on Medium. Security researcher and former NSA staffer Patrick Wardle supported the post. According to the report, a certain Chinese developer used seven different Apple developer accounts to submit apps to the Mac App Store.

The report noted that most of the fraudulent apps contained hidden malware. This malware can receive commands from a server. Once the apps were approved and went live on the Mac App Store, the malicious code became active. The method used by the developer essentially disguised the app to make it seem legitimate. Once the app is installed on a Mac, the developer can execute a command that sends the malicious app to other users.

Apps Use Cloudflare and GoDaddy to Hide Hosting Provider

According to the report, the apps use domains hosted on Cloudflare and GoDaddy. The researcher found out that although the apps appear to be released by different developer accounts, the apps still communicate with the same domain providers. This enables the developer to hide the app hosting provider. In addition, the report also found that the apps direct their Privacy Policy link to a website created using Google Sites.

Additionally, the researcher found that the apps use the same password when decrypting a JSON file. This is a method used to mislead the App Store review team.

Interestingly, some of the apps identified in the report appear to have numerous positive reviews. The reviews seemed too good to be true and appeared to be fake. As a result, Apple removed most of the fake reviews.

One of the apps identified as fraudulent was PDF Reader for Adobe PDF Files. If the name sounds familiar, that’s because the app is one of the most downloaded apps on the Mac App Store. The app may seem legitimate, but once downloaded, it tricks users into paying for an expensive subscription plan.

All in all, the report identified seven fraudulent apps submitted by the same developer. You can find the full list of these fraudulent apps on Medium.

2 thoughts on “Fraudulent Chinese Apps Elude Apple’s Strict Mac App Store Review Process”

  • I use iBoostUp’s Spyware Doctor to scan my Mac. It’s an eye-opening experience when it finds malware or spyware in benign-seeming apps. From their page: “Created by security experts formerly of the world’s leading security companies* and using a combination of state-of-the-art scanning techniques, iBoostUp with Spyware Doctor is able to determine whether even previously unseen apps might exhibit malicious behaviour or be a risk to your privacy.” Here’s a YouTube video about it:

    https://youtu.be/gEgxZKqa86g
