#1 Utility in the Mac App Store sends stolen user data to server in China

By Brezanne Lee on September 20, 2018


Adware Doctor, the top paid utility app in the macOS App Store, was found to be stealing the browsing history of its users and sending the data to a remote server in China. The app claims to “prevent malware and malicious files from infecting your Mac” and is developed by “Yongming Zhang”. The anti-malware utility was the top paid app in the Utility category, and the #4 paid app overall, before it was removed from the App Store earlier this week.

A security researcher who goes by the username Privacyis1st on Twitter posted a proof-of-concept video on Twitter when he first discovered the unusual activity and notified Apple of his findings in early August. Working with another security researcher, Patrick Wardle of Objective-See, he found that once the user gave the utility permission to access the user's files, the app would circumvent Apple’s sandboxing. It would exfiltrate browsing history from Chrome, Firefox and Safari, archive the files into a zip file along with a list of the running processes and installed software, and send the data to a server located in China with the host name adscan.yelabapp.com.
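The following Python example is added here and is not part of the original article or the researchers' work. It searches web-proxy logs for the host name reported above, matching the parsed host exactly so that look-alike hosts and query strings do not trigger it. The log format, sample lines, paths and function names are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Host name reported in the article above.
IOC_HOST = "adscan.yelabapp.com"

# Constructed sample log; the format is an assumption:
# timestamp client_ip method url content_type bytes_sent
SAMPLE_LOG = """\
2018-08-20T10:01:02Z 10.0.0.12 GET https://www.apple.com/ text/html 0
2018-08-20T10:01:09Z 10.0.0.12 POST https://ADSCAN.yelabapp.com./constructed-path application/zip 48211
2018-08-20T10:02:30Z 10.0.0.15 GET http://adscan.yelabapp.com.example.org/ text/html 0
2018-08-20T10:03:11Z 10.0.0.31 POST http://adscan.yelabapp.com:8080/constructed-path application/zip 9120
2018-08-20T10:04:00Z 10.0.0.31 GET https://example.org/?q=adscan.yelabapp.com text/html 0
truncated line
"""


def normalize_host(url):
    """Return the lower-cased host without port or trailing dot, or None."""
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return None
    return host.rstrip(".") if host else None


def find_hits(log_text, ioc_host=IOC_HOST):
    """Return one record per request whose host is exactly the indicator."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        fields = line.split()
        if len(fields) != 6:
            continue  # skip malformed lines instead of failing the hunt
        ts, client, method, url, ctype, sent = fields
        if normalize_host(url) != ioc_host:
            continue  # look-alike hosts and query-string mentions are ignored
        # Assumption: the archive upload appears as a non-empty zip POST.
        upload = (method == "POST" and ctype == "application/zip"
                  and sent.isdigit() and int(sent) > 0)
        hits.append({"line": lineno, "time": ts, "client": client, "zip_upload": upload})
    return hits


def affected_clients(hits):
    """Unique client addresses that contacted the indicator host."""
    return sorted({h["client"] for h in hits})


if __name__ == "__main__":
    for hit in find_hits(SAMPLE_LOG):
        print(hit)
```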

The other issue is that, despite being warned about the app's malicious activity, Apple took over a month to remove it from the App Store, even though it was in violation of the App Store Rules and Guidelines. This is a major privacy concern, and the fact that Apple has not addressed the issue with its users goes against its usual actions in cases such as this and shows that Apple is not as problem-free as it would like to be. MacBooks and other Apple products are popular among students, and this issue could affect a large number of users.

 

Sources

TheRegister.co.uk

https://www.theregister.co.uk/2018/09/07/adware_doctor_removed_apple/

Engadget

https://www.engadget.com/2018/09/07/mac-app-store-app-steals-browser-histories/

Macrumors

https://www.macrumors.com/2018/09/07/adware-doctor-stealing-history/

Bleeping Computer

https://www.bleepingcomputer.com/news/security/apple-removes-top-security-app-for-stealing-data-and-sending-it-to-china/