Under the cover of security features, a series of dubious applications collect sensitive data and send it to third-party servers. Among the publishers is Trend Micro.
Last June, Phil Schiller, Apple's head of marketing, declared that the Mac App Store was "the safest place to have Mac applications", in particular because of the company's verification process. This process is obviously not very effective, because applications that steal user data are beginning to multiply on the store.
Several security researchers have just pointed out a series of applications that, under the guise of utility or security features, leak sensitive data to third-party servers: browsing history, the list of downloaded applications or the list of active processes.
Very popular applications
The applications singled out are Adware Doctor, Open Any Files, Dr. Antivirus, Dr. Cleaner Pro, Dr. Cleaner Disk and Dr. Unarchiver. The problem is that all these applications rank quite well on the Mac App Store. They even appear in the Top 10 downloads, as can be seen on the Apple website.
It has been more than a month since the security researchers alerted Apple to the danger these applications pose to personal data. Only now, after a wave of blog posts and press articles, has the company finally reacted.
What is even more incomprehensible in this story is that the publisher of Dr. Antivirus, Dr. Cleaner and Dr. Unarchiver is Trend Micro, a well-established security vendor. In a video, the researcher "Privacy 1st" shows that the stolen data is exfiltrated to a server belonging to the trendmicro.com domain. There can therefore be no doubt.
Apparently, Trend Micro even uses a fake name: the Open Any Files application is developed by a certain "Hao Wu", but according to the analysis by Thomas Reed of Malwarebytes, the exfiltrated data is again sent to the trendmicro.com domain.
A well-known scam technique
To get their hands on sensitive data, these applications use a simple and proven technique: they ask users for permission under a flimsy pretext. Adware Doctor, whose operation has been analyzed in detail by Patrick Wardle, for example asks the user for permission to clean up browsers' "extensions, cookies and cache".
In fact, it uses this access right to collect the history of all the browsers into a Zip file that is then sent to a third-party server. According to the security researcher, this practice is "an obvious violation of the privacy of the user (and of course the usage rules of the Mac App Store)."
But that's not all. A flaw in Apple's APIs allows Adware Doctor to get out of its sandbox and list the processes running on the machine. Again, this information ends up in the exfiltrated Zip file, along with a list of all the applications the user has downloaded in the past. Let's hope that Apple will be able to improve its verification process in the future.
Nice informative article, thanks for the warning!
Thanks for your time and your consideration!
@vijbzabyss it's an exceptionally instructive article, a debt of gratitude is in order for the notice! A debt of gratitude is in order for your chance and your thought!
Thanks a lot! Don't hesitate to check my past articles, this one is just the top of the iceberg ;-)