Fourteen iOS apps have been discovered to be covertly sending information to the server associated with Android-based malware Golduck, which affected more than 10 million users.
Golduck embedded malicious code on devices, which allowed hackers to do things like sending premium SMS messages from a victim’s phone. According to security researchers, the related iPhone apps could pose the same threat.
All 14 apps were retro-style games including Commando Metal: Classic Contra, Super Pentron Adventure: Super Hard, Classic Tank vs Super Bomber, Super Adventure of Maritron, Roy Adventure Troll Game, Trap Dungeons: Super Adventure, Bounce Classic Legend, Block Game, Classic Bomber: Super Legend, Brain It On: Stickman Physics, Bomber Game: Classic Bomberman, Classic Brick – Retro Block, The Climber Brick, and Chicken Shoot Galaxy Invaders.
Enterprise security firm Wandera discovered the vulnerability. While so far it has apparently found the communication between affected apps and the known malware domain to be benign, that could change.
“The apps themselves are technically not compromised; while they do not contain any malicious code, the backdoor they open presents a risk for exposure that our customers do not want to take,” the researchers note. “A hacker could easily use the secondary advertisement space to display a link that redirects the user and dupes them into installing a provisioning profile or a new certificate that ultimately allows for a more malicious app to be installed.”
The 14 apps have reportedly been installed almost 1 million times since being released. At the time of writing, none of them appear to be available any longer from the U.S. App Store.
While Apple is typically pretty good when it comes to the security of its App Store, this is a rare example of a lapse on Apple’s part. It’s by no means the only one to occur, but typically iOS users are better protected than their Android-using compatriots. Still, it’s yet another illustration of why you need to be careful with what you choose to download.