News Update: Apple Removes Top Security App For Stealing Data and Sending it to China


steven36

Apple removed today the #1 selling anti-malware app called Adware Doctor from the Mac App Store because it was gathering browsing history and other sensitive information without a user's permission and then uploading it to someone in China.

 

https://s7d7.turboimg.net/sp/b0b426ddc96a1b07540d652c53d342ac/adware-doctor-product-page.jpg

 

 

Adware Doctor is promoted as an anti-malware and adware protection program that claims to be able to protect your Mac from malicious files and browser from adware. This program was the #1 paid utility in the Mac App Store with a 4.8 star rating and over 7,000 reviews.

 

 

Adware Doctor Mac Store Page

While it may have had the ability to remove infections on your Mac, it was also discovered to be quietly uploading a user's personal data without their permission to a remote site.

 

This behavior was first discovered by a security researcher named Privacy 1st who noticed that Adware Doctor would gather a user's browsing history from the Chrome, Safari, and the Firefox browsers, a list of running processes, and App Store search history.

 

This information is then stored in a password protected zip file called history.zip. After the history zip was created, it would be uploaded to a remote server. 

 

 

To illustrate this behavior, Privacy_1st created a video that illustrates what happens when the program is executed.

 

After discovering that this program was performing data exfiltration, or the act of secretly uploading data to a remote server, the researcher contacted Patrick Wardle of Objective-see to collaborate with him on the analysis of this program.

 

In a blog post released today, Patrick corroborates Privacy_1st's findings and provides a detailed analysis of how the program would secretly gather a user's browsing habits and application details and then upload it to a remote host.

 

https://s7d7.turboimg.net/sp/56aa2050c73dc1a5ab011557d5e0e020/gathering-data.jpg

Commands executed by Adware Doctor to gather information
Source: Objective-see.com

 

 

Data uploaded to server in China

When Adware Doctor uploaded a user's data, it would send the history.zip file to a remote host named adscan.yelabapp.com. While this domain is hosted on Amazon AWS servers, its DNS records clearly show that it is administered by someone from China.

https://s7d2.turboimg.net/sp/ed240f036e999a778a2d5ecff9b5b24f/dns.png

 

DNS records for yelabapp.com (Source: Objective-see.com)

 

It is not known what a user's browsing habits and search history are being used for, but it is obviously concerning that a program is collecting this information without a user's knowledge and sending it to an unknown organization in another country.

Adware Doctor has a dubious history

It turns out that Adware Doctor has a dubious history and that Thomas Reed, the developer of Malwarebytes for Mac, has also been keeping an eye on this program since 2015.  

 

"The developer of this app is one that we at Malwarebytes have had our eye on since 2015," Reed stated in a Malwarebytes blog post. "At that time, we discovered an app on the App Store named Adware Medic—a direct rip-off of my own highly-successful app of the same name, which became Malwarebytes for Mac. We immediately began detecting this, and contacted Apple about removing the app. It was eventually removed, but was replaced soon after by an identical app named Adware Doctor."

 

In addition to Adware Doctor, Reed has seen this type of data exfiltration in other products as well. For example, Reed stated that similar behavior was historically detected in programs called "Open Any Files: RAR Support", "Dr. Antivirus", and "Dr. Cleaner".

 

According to Reed, when he contacted Apple regarding the Open Any Files software, nothing was done.

 

"We reported this app to Apple in December 2017. It is still present on the App Store," Reed stated.

Apple too slow to remove reported apps?

While Apple has definitely done a good job at keeping malicious applications out of their store, you have to wonder why reports from known researchers and companies are being ignored. As Wardle states in his blog, even though anyone can make a mistake, the researchers had contacted Apple about this application over a month ago, and in Reed's case much longer, and the apps continued to remain in the Mac Store.

 

"If Apple is really "review[ing] each app before it's accepted by the store" ... how were these grave (and obvious) violations of this application missed!?," Wardle states in his blog post. "Who knows, and maybe this one just slipped through. Maybe we should give them the benefit of the doubt, as yes we all make mistakes! But this brings us to the next point. Apple also claims that "if there's ever a problem with an app, Apple can quickly remove it from the store". Maybe the key word here is "can"."

 

From the findings of these three researchers, all from different organizations, it is clear that Apple needs to do a better job acting upon the free research provided by security professionals who are trying to protect consumers.

 

Source

 

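A defender-side illustration of the behaviour reported in the article above, added here and not taken from the original post or from the Objective-See analysis: it correlates endpoint events per process for reads of several browsers' history stores, creation of history.zip, and DNS lookups under yelabapp.com. The event schema, sample events, process names other than Adware Doctor, and scoring weights are constructed assumptions; the history file locations are the browsers' usual macOS defaults, not paths given in the article.

```python
import json
from collections import defaultdict

# Default macOS history stores: (directory fragment, file name). Well-known
# locations, not listed on the page.
STORES = {"safari": ("/Library/Safari/", "History.db"),
          "chrome": ("/Google/Chrome/", "History"),
          "firefox": ("/Firefox/Profiles/", "places.sqlite")}
ARCHIVE = "history.zip"    # archive name reported in the article
DOMAIN = "yelabapp.com"    # parent of adscan.yelabapp.com (article)

def browser_for(path):
    """Return the browser whose history store this path is, or None."""
    for name, (frag, fname) in STORES.items():
        if frag in path and path.endswith("/" + fname):
            return name
    return None

def correlate(lines):
    """Score each process against the collect / archive / upload chain."""
    seen = defaultdict(lambda: {"browsers": set(), "zip": False, "dns": False})
    for line in lines:
        ev = json.loads(line)
        proc, s = ev["process"], seen[ev["process"]]
        if ev["type"] == "file_open":
            owner = browser_for(ev["path"])
            # A browser reading its own store is normal; anything else counts.
            if owner and owner not in proc.lower():
                s["browsers"].add(owner)
        elif ev["type"] == "file_write":
            s["zip"] |= ev["path"].rsplit("/", 1)[-1] == ARCHIVE
        elif ev["type"] == "dns":
            host = ev["query"].lower().rstrip(".")
            s["dns"] |= host == DOMAIN or host.endswith("." + DOMAIN)
    # Report only processes that read two or more browsers or hit the domain.
    return {p: len(s["browsers"]) + 2 * s["zip"] + 3 * s["dns"]
            for p, s in seen.items() if len(s["browsers"]) >= 2 or s["dns"]}

# Constructed sample events in a hypothetical JSON-lines schema.
H = "/Users/u/Library"
SAMPLE = [json.dumps({"process": p, "type": t, k: v}) for p, t, k, v in [
    ("Safari", "file_open", "path", H + "/Safari/History.db"),
    ("Adware Doctor", "file_open", "path", H + "/Safari/History.db"),
    ("Adware Doctor", "file_open", "path", H + "/Application Support/Google/Chrome/Default/History"),
    ("Adware Doctor", "file_open", "path", H + "/Application Support/Firefox/Profiles/x.default/places.sqlite"),
    ("Adware Doctor", "file_write", "path", "/tmp/example/history.zip"),
    ("Adware Doctor", "dns", "query", "adscan.yelabapp.com"),
    ("ExampleBackup", "file_open", "path", H + "/Application Support/Google/Chrome/Default/History"),
    ("ExampleSync", "dns", "query", "notyelabapp.com"),
]]
```

A browser opening its own history, a tool that touches a single browser's store, and a look-alike domain that merely ends in the same letters are all left unflagged.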

Apple yanks top Mac app a month after learning it sends user info to China

 

When a group of security researchers reported a popular but allegedly dangerous Mac App Store utility to Apple, noting that it secretly sends “highly sensitive user information” to an “unscrupulous” developer, Apple’s response for a full month was surprising: “crickets.” But after a cluster of bad press today, Apple finally pulled Yongming Zhang’s app Adware Doctor: Anti Malware & Ad from the store.

 

Three researchers, including former NSA staffer Patrick Wardle, Thomas Reed of Malwarebytes, and “privacy fighter” @privacyis1st, said in a blog post today that they reported Adware Doctor last month for sending a user’s Safari, Chrome, Firefox, and App Store browsing histories alongside lists of the Mac’s apps and running processes to a server in China. Despite receiving confirmation that Apple received the report, the $5 app remained in the App Store — where it was ranked the number one paid app across all Mac utilities.

 

The researchers noted that Adware Doctor appeared to blatantly violate Apple’s sandboxing security policies for Mac apps, using software tricks to gather and exfiltrate private usage data in ways that shouldn’t be possible given Apple’s Mac App Store policies. Moreover, the privacy implications are serious: They write that sharing that information even once is a serious violation of user privacy, as “your browsing history provides a glimpse into almost every aspect of your life,” but the app’s gathering has apparently been going on for some time, possibly years.

 

https://s7d2.turboimg.net/sp/5db82fd112598036daf3d79811e3512c/image5.png

 

Most troublesome is that Adware Doctor continued to operate despite the Mac App Store’s pledge of being “the safest place to download apps for your Mac,” and Apple’s claim that “if there’s ever a problem with an app, Apple can quickly remove it from the store.” The operative word there is “can,” as the researchers say that they saw no action by Apple to pull the app for a month, during which time users continued to unknowingly suffer from privacy violations. Rather than following up on the report immediately, Apple only removed the app after the blog post began to pick up traction online.

 

It should be noted that there is more than one “Adware Doctor” in the Mac App Store. Similarly named apps from two other developers remain in the utilities section of Apple’s official online shop, both at the same $5 price point, but with lower user ratings. In addition to alleging privacy violations, the blog post accuses the developer of using fake user ratings to pump up Adware Doctor’s profile, and says that’s another issue that Apple isn’t properly dealing with in the App Store — potentially because of the money it generates from continued sales of popular apps, regardless of their merits.

 

A related article from Malwarebytes notes that Dr. Cleaner, Dr. Antivirus, and Open Any Files: RAR Support are all using similar practices to harvest user data. It also details how Adware Doctor started life as a “direct rip-off” of Malwarebytes’ own Adware Media app in 2015, and got pulled years ago from the store, but was eventually renamed and returned by Apple to the Mac App Store.

 

Source



You can't trust apps in the MAC Store any more than you can in the Windows Store.  It has been obvious since stores of this type were being made available that the various entities hosting them do not do a thorough job of vetting them.  Google, Firefox, Facebook, etc will host an extension/app without doing a thorough vetting and the average user believes that all these organizations have their safety, security, and privacy (until recently) as priority number one.  Not allowing users to install apps, extensions, etc, has been the greatest security initiative an organization can take. 

 

Now what all of them need to do is figure out a way to remove all the malicious apps/extensions automatically from all the systems they are installed on.  Some have tried but the results have been shoddy.



7 hours ago, straycat19 said:

You can't trust apps in the MAC Store any more than you can in the Windows Store.  It has been obvious since stores of this type were being made available that the various entities hosting them do not do a thorough job of vetting them.  Google, Firefox, Facebook, etc will host an extension/app without doing a thorough vetting and the average user believes that all these organizations have their safety, security, and privacy (until recently) as priority number one.  Not allowing users to install apps, extensions, etc, has been the greatest security initiative an organization can take. 

 

Now what all of them need to do is figure out a way to remove all the malicious apps/extensions automatically from all the systems they are installed on.  Some have tried but the results have been shoddy.

Yes, it's called a false sense of security. When you install Windows 10 it doesn't just send your data to Microsoft, which all Windows do to a point, just Windows 10 does it worse. It comes full of apps like the Facebook app and others, and unless you remove them all using PowerShell, the Facebook app will call home and every other app will be calling home, and this is just installing a fresh install of Windows 10. I just posted an article about how many people have removed their Facebook app from their phones because of the data harvesting scandal, and Microsoft is a Facebook partner and you get that app by just installing Windows 10. But Facebook or Google is adware itself; you must not read the news.

 

You sound crazy talking about what Facebook must do, because that's how they made all their money, spying on their users, and they still are, plus they give governments access to their API to keep an eye on you, like all the stings that went down on Facebook in the EU this year. Same with Google: they are an ad company, as in adware; they made all their money from harvesting data and selling it. Data is like a goldmine, and it doesn't matter if you install from a walled garden or not, there are many apps full of spyware that are just installed. The only one you say that can be controlled is Firefox, because it's open source and can be reversed because it's open source, because you have access to the code. Firefox is no angel, because they bake in Google's and others' spying services for money; that's where they get their money from to keep making it. The problem is the companies themselves are part of the problem: just one app sells it to China and the next app sells it to someplace else.

 

So if you're thinking any of these apps will ever be spyware free, you're just fooling yourself and need to wake up and smell the coffee; there is no such thing as a free lunch. And as far as shareware apps you pay for, Windows has loads of them in installers; many companies are greedy and harvest your data even though you pay for it. After all, Windows 10 itself costs money; it was only free for the 1st year.

 

Not only do the app makers spy on you, many hackers have figured out ways to exploit these unblocked holes they leave on your system. Where do you think hackers got the idea to use social engineering to trick you? They got the idea from places like Google and Facebook, who have been doing it to their users for years. People will install anything if they don't have to pay for it. And people will buy anything in the name of security even if it spies on you, and most security apps do to a point. That's mostly why Linux users don't use an antivirus. Spying on users runs so deep in computers that there are backdoors built into the hardware even, and they try to patch it up with firmware updates.

 

Sometimes I think the USA Government gave the public access to the internet as a way to spy on everyone and keep track of them. After all, the USA Military had it for years before they ever made it public. People like you and my uncles who served in the USA Military used the internet long before it was even public.

 

You crazy, man; most all of Apple's stuff is now made in China and Google is fixing to do a multi-billion deal with China; they are part of the problem. Just like most rich people in the USA who sent millions of jobs to China are part of the problem. If the rich would have never sent all the jobs to China to send the goods we made back to us, we would hardly even have depended on China for imports and exports and there would not be a trade war. Up till the early 2000s, when jobs started going out of the USA, things were peachy. The rich caused it and a rich person started the trade war. The rich and middle class are the ones crying about it; poor people don't have money to buy stuff anyways. The Government are the ones who did it, to pay back all that money we owe China to fund wars and stuff. And it will be up to the Government to fix it, but people are going to suffer either way from it. We live in a nation full of traders where money is more important than their country is to them; that's the problem. Time to drain the swamp. :naughty:

 

I don't have nothing against rich people if they create jobs in my home area, but I can't stand the ones who don't, and that's 99% of the rich I can't stand. I'm a realist: I worry about my own people, not the rest of the world, but I wish them the best of luck. Why should my people have to move to Texas, which some of my family has, or to other places to get jobs? They should be able to find one right here, but the sad fact is there hardly is any work here. When I hear about all these Silicon Valley billion-dollar outfits, they never done nothing for my people but spy on them. They never created 1 job in my area; they can all go to hell as far as I see it. There are still millions of people with no jobs no matter what the news says about our economy. One of my old bosses told us years ago, when they were closing the plant down because of imports and the industry starting plants in China, that sooner or later people will run out of money in the USA, and they won't have a choice but to bring the jobs back to the USA; if all our money goes somewhere else we will run out of money to buy things from China. If everyone runs out of money but the rich, it's going to start an internal war.

 

Only thing that has prevented it so far is people's families taking care of those that can't find jobs. Sooner or later it's going to run out; the ones who have jobs will lose them, and everybody they depend on dies sooner or later. Then there will be millions of people with nothing who will knock you in the head and take what you got. So something has to be done before it's too late. Nowadays most people from the USA don't have nothing to leave to their kids anymore because they're in debt so far. Back 50 years ago even poor people had lots of land and stuff to leave to their kids. People having to support themselves and all the millions with no jobs, that's reality, not this fairytale picture the media paints.
