#1 Utility in the Mac App Store sends stolen user data to server in China
By Brezanne Lee on September 20, 2018
Adware Doctor, the top paid utility app in the macOS App Store, was found to be stealing the browsing history of its users and sending the data back to a remote server in China. The app claims to “prevent malware and malicious files from infecting your Mac” and is developed by “Yongming Zhang”. The anti-malware utility was the top paid app in the Utility category, and the #4 paid app overall, before it was removed from the App Store earlier this week.

A security researcher who goes by the username Privacyis1st on Twitter posted a proof-of-concept video on Twitter when he first discovered the unusual activity, and notified Apple of his findings in early August. Working with another security researcher, Patrick Wardle of Objective-See, he found that once the user gave the utility permission to access the user files, the app would circumvent Apple’s sandboxing operations and exfiltrate browsing history from Chrome, Firefox and Safari. It archived the files into a zip file along with a list of the running processes and installed software, and sent the data to a server located in China with the host name adscan.yelabapp.com.
Top Sold MacOS AppStore application is ROGUE. Adware Doctor is stealing your privacy. PoC: https://t.co/LmveX593q0 #malware #virus #MacOS #Apple #MacBook #MacBookPro #CyberSecurity #privacy #GDPR #Hacking #hackers #cyberpunk #Alert
— Privacy 1st (@privacyis1st) August 20, 2018
The other issue is that, despite being warned about the malicious activity of the app, Apple took over a month to remove it from the App Store, even though it was in violation of the App Store Rules and Guidelines. This is a major privacy concern, and Apple has not addressed the issue to its users, which goes against its usual actions in cases such as this and shows that its platform is not as problem-free as the company would want it to be. MacBooks and other Apple products are popular among students, so this issue could affect a large number of users.
Sources
TheRegister.co.uk
https://www.theregister.co.uk/2018/09/07/adware_doctor_removed_apple/
Engadget
https://www.engadget.com/2018/09/07/mac-app-store-app-steals-browser-histories/
Macrumors
https://www.macrumors.com/2018/09/07/adware-doctor-stealing-history/
Bleeping Computer
https://www.bleepingcomputer.com/news/security/apple-removes-top-security-app-for-stealing-data-and-sending-it-to-china/