Apple Has a Malware Problem

Apple’s App Stores are known for their tight-knit security: If an app is featured on the App Store, Apple wants you to feel confident it isn’t harmful or dangerous (although it might not be able to vouch for its quality). However, two stories in the news this week prove Apple’s security systems aren’t impervious to malicious apps. In fact, there
August 9, 2022
 / 
meritsolutions
 / 
Image

Apple’s App Stores are known for their tight-knit security: If an app is featured on the App Store, Apple wants you to feel confident it isn’t harmful or dangerous (although it might not be able to vouch for its quality). However, two stories in the news this week prove Apple’s security systems aren’t impervious to malicious apps. In fact, there were a total of eight across iOS’ and macOS’ App Stores recently discovered.

Security researcher Alex Kleber was the first to discover seven malware-infected apps living in Apple’s macOS App Store. While all apps appear to stem from different developers, Kleber realized all seven were really created by the same developer in China. These apps snuck their way through Apple’s sights by first appearing as different apps: Once Apple approved them, the developer would alert the app to its current, compromised state, with Apple none-the-wiser.

In addition, Kleber found each app would employ the use of fake reviews to boost its perceived legitimacy: Users stumbling across the malicious apps might feel secure in downloading each because of its high App Store rating, although a dive into those comments would show that they did not appear to be thoughtful reviews from real users. These apps also download data that goes against the advertised purpose of the software.

It isn’t only these seven macOS apps: Last week, we learned a popular Facebook ad account app was actually malicious. The app used the same bait and switch approach to trick Apple and its users into downloading it, by first appearing as a different app to gain approval. Facebook advertising employees then downloaded the app and used it, allowing the malicious users behind the app to hack into their accounts.

This development is significant because of Apple’s hard-line stance on the security of its App Stores: The company tells its customers purchasing and downloading apps through its stores is the most secure way to experience new software on macOS: Apple doesn’t go so far to say that downloading apps from outside the App Store is off the table, but they do stress that the App Store is the way to ensure you don’t infect your Mac with malware or other malicious software.

Photo by James Yarema on Unsplash

Share This

Leave a Reply



Sign Up for weekly MERIT Security Briefing

By signing up, you agree to our Privacy Policy.