Prime Inspiration

14 iPhone Apps are found communicating with Golduck malware server

by

Haridas Gowra
in
Apple App Store
Apple App Store

Many users consider Apple App Store to be safe and secure. While it is true for most of the time, some questionable apps end up sneaking through the cracks. Recently, Security researchers from Wandera have discovered 14 games that all communicate with the same server used to control Golduck malware for Android. Golduck is an Android-focused malware that infects popular classic game apps.

While the games themselves appeared innocuous, they were loaded with ads. It would have been feasible to use ads to trick users into granting permission for malware installed outside of the App Store, Wandera told TechCrunch. If you have downloaded any of these games, it goes without saying that you need to delete the app now. The list includes:

  • Commando Metal: Classic Contra Super Pentron
  • Adventure: Super Hard
  • Bomber Game: Classic Bomberman
  • Super Adventure of Maritron
  • Classic Tank vs Super Bomber
  • Roy Adventure Troll Game
  • Trap Dungeons: Super Adventure
  • Bounce Classic Legend
  • Block Game
  • Classic Bomber: Super Legend
  • Brain It On: Stickman Physics
  • The Climber Brick
  • Chicken Shoot Galaxy Invaders
  • Classic Brick – Retro Block

This is especially a concern if you are into the nostalgic side of gaming: These were all retro gaming apps and have been installed over a million times, since being released. That is a lot of potential infections, even if only a fraction of that group taps links to malware. At the time of writing, none of them appear to be available any longer from the U.S. App Store.

Golduck is known for some time as an Android malware that infects games. It was first discovered by Appthority and the malware is found to be infecting classic and retro games on Google Play, by infecting apps with a backdoor code allowing malicious payloads to be pushed to the device. At the time, more than 10 million users were affected by the malware, allowing hackers to run malicious commands at the highest privileges, like sending premium SMS messages from a victim’s phone to make money.

Now, the researchers say iPhone apps linked to the malware could also present a risk. According to the Wandera researchers, the App Store issue is not yet as serious as the Google Play one. The apps are not compromised and do not yet contain malicious code. Currently, the server is just pushing a list of icons in a pocket of ad space in the corner of the app. And when a user opens the game, the server tells the app which icons and links it should serve to that person.

For now, the apps are packed with ads, seemingly to make money. The concern is that this could change: The apps are already communicating with a malicious server and this could open them up to further abuse.

While Apple is typically pretty good when it comes to the security of its App Store, this is a rare example of a lapse on Apple’s part. It is by no means the only one to occur, but typically iOS users are better protected than their Android-using compatriots. Still, it is yet another illustration of why you need to be careful with what you choose to download, even if the store operator is normally good about screening rogue software.

Source

 

Tags:

, , , ,
Haridas Gowra Avatar
Haridas Gowra
Loves space, gadgets, comics and believes PC is superior to consoles.

Help Us Grow

If you like this post, please share it with your friends.

You are free to copy and redistribute this article in any medium or format, as long as you keep the links in the article or provide a link back to this page.

Subscribe to Newsletter

Privacy Settings

Privacy & Cookie Overview

Our website uses cookies to provide you with the best user experience possible. These cookies are stored in your browser and perform essential functions such as recognizing you when you return to our website, as well as helping us to understand which sections of the website you find most useful and engaging.

To learn more, you can read our Privacy & Cookie Policy or reach out through our Contact form.

Strictly Necessary Cookies

Strictly Necessary Cookies must always be enabled to ensure the proper functioning of this website and to allow us to provide you with excellent service. These cookies are also essential for saving your cookie preferences.

Google Adsense

We use Google AdSense to keep this site free by displaying relevant ads. AdSense requires essential cookies that cannot be disabled, but you can manage other cookies. We respect your privacy and provide options to control non-essential cookies.

For more details on how Google handles your data, visit Google's Data Usage Policy. Please review our Privacy Policy for more information on how we protect your data.

AddToAny

We use AddToAny for social sharing. It doesn’t store cookies, ensuring a privacy-friendly experience. AddToAny complies with GDPR and CCPA by default.

For more, see their Privacy Policy.

OneSignal

We use OneSignal to send notifications to users who opt in. OneSignal complies with GDPR and is certified under the EU-US and Swiss-US Privacy Shield frameworks.

For more, see their Privacy Policy.

3rd Party Cookies

This website utilizes third-party cookies, which can enhance your experience and support our ongoing efforts to improve our services.

Google Analytics

We use Google Analytics to collect anonymous data, such as visitor numbers and popular pages, to improve user experience and site performance. Keeping this cookie enabled helps us refine the site based on visitor activity.

For more information, see Google’s Privacy Policy.

Discover more from Prime Inspiration

Subscribe now to keep reading and get access to the full archive.

Continue reading