Independent research found several fraudulent Chinese apps available on the Mac App Store. Said apps seem to have bypassed Apple’s review team and managed to get into the Mac App Store as legitimate apps.
Fraudulent Chinese Apps Slip Past Apple’s Review Team
The researcher, identified as “Privacy1St” (Alex Kleber), posted his findings on Medium. Security researcher and former NSA staffer Patrick Wardle supported the post. According to the report, a certain Chinese developer used seven different Apple developer accounts to submit apps to the Mac App Store.
The report noted that most of the fraudulent apps contained hidden malware. This malware can receive commands from a server. Once the apps were approved and went live on the Mac App Store, the malicious code became active. The method used by the developer essentially disguised the app to make it seem legitimate. Once the app is installed on a Mac, the developer can execute a command that sends the malicious app to other users.
Apps Use Cloudflare and GoDaddy to Hide Hosting Provider
Additionally, the researcher found that the apps use the same password when decrypting a JSON file. This is a method used to mislead the App Store review team.
Interestingly, some of the apps identified in the report appear to have numerous positive reviews. The reviews were too good to be true and appeared to be fake, and Apple removed most of them.
One of the apps identified as fraudulent was PDF Reader for Adobe PDF Files. If the name sounds familiar, that’s because the app is one of the most downloaded apps on the Mac App Store. The app may seem legitimate, but once downloaded, it tricks users into paying for an expensive subscription plan.
All in all, the report identified seven fraudulent apps submitted by the same developer. You can find the full list of these fraudulent apps on Medium.