Security researchers say they have discovered more than a dozen iPhone apps covertly communicating with a server associated with Golduck, a historically Android-focused malware that infects popular classic game apps.
The malware has been known about for over a year, after it was first discovered by Appthority infecting classic and retro games on Google Play by embedding backdoor code that allowed malicious payloads to be silently pushed to the device. At the time, more than 10 million users were affected by the malware, which allowed attackers to run malicious commands with the highest privileges, such as sending premium SMS messages from a victim's phone to make money.
Now, the researchers say iPhone apps linked to the malware could also present a risk.
Wandera, an enterprise security firm, said it found 14 apps, all retro-style games, that were communicating with the same command and control server used by the Golduck malware.
“The [Golduck] domain was on a watchlist we established due to its use in distributing a specific strain of Android malware in the past,” said Michael Covington, Wandera’s vice-president of product. “When we started seeing communication between iOS devices and the known malware domain, we investigated further.”
The apps include: Commando Metal: Classic Contra, Super Pentron Adventure: Super Hard, Classic Tank vs Super Bomber, Super Adventure of Maritron, Roy Adventure Troll Game, Trap Dungeons: Super Adventure, Bounce Classic Legend, Block Game, Classic Bomber: Super Legend, Brain It On: Stickman Physics, Bomber Game: Classic Bomberman, Classic Brick – Retro Block, The Climber Brick, and Chicken Shoot Galaxy Invaders.
According to the researchers, what they have seen so far looks relatively benign: the command and control server simply pushes a list of icons into a pocket of ad space in the upper-right corner of the app. When the user opens the game, the server tells the app which icons and links it should serve to the user. They did, however, see the apps sending IP address data, and in some cases location data, back to the Golduck command and control server. TechCrunch verified their claims by running the apps on a clean iPhone through a proxy, allowing us to see where the data goes. Based on what we saw, the app tells the Golduck server which app and version it is, the device type and the IP address of the device, along with how many ads have been displayed on the phone.
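The two techniques the article describes, a domain watchlist that flags traffic to a known C2 host and a proxy capture that reveals which device fields an app sends, can be combined into a small triage script. The following is an added example written for this page; it is not Wandera's or TechCrunch's tooling. The watchlisted domain (golduck-c2.example), the JSON-lines log format, the parameter names (app, ver, dev, ip, lat, lon, ads) and the sample records are all constructed for the demo, since the article does not name the real Golduck domain or the exact request format.

```python
"""Flag proxy-captured mobile traffic that reaches a watchlisted C2 domain
and report which sensitive device fields each flagged request carries.

Added example, not code from the article or from Wandera/TechCrunch.
The watchlist entry, log format, parameter names and sample records below
are constructed for illustration.
"""
import json
from urllib.parse import urlsplit, parse_qs

# Hypothetical watchlist of known C2 apex domains; subdomains also match.
WATCHLIST = {"golduck-c2.example"}

# Query parameters treated as sensitive telemetry (assumed names).
SENSITIVE_PARAMS = {
    "ip": "device IP address",
    "lat": "location (latitude)",
    "lon": "location (longitude)",
}

# Constructed sample of what a proxy export might record, one JSON object
# per line. The third line is ordinary ad traffic; the fourth is a
# look-alike domain that a naive substring match would wrongly flag.
SAMPLE_LOG = [
    '{"method":"GET","url":"https://api.golduck-c2.example/icons'
    '?app=BounceClassic&ver=1.2&dev=iPhone11,2&ip=203.0.113.7&ads=14"}',
    '{"method":"POST","url":"https://track.golduck-c2.example/ping'
    '?app=ClassicBomber&ver=2.0&dev=iPhone10,1&ip=203.0.113.7&lat=37.78&lon=-122.41"}',
    '{"method":"GET","url":"https://ads.legit-network.example/serve'
    '?app=BounceClassic&slot=topright"}',
    '{"method":"GET","url":"https://notgolduck-c2.example/x?ip=203.0.113.7"}',
]


def host_matches_watchlist(host, watchlist=WATCHLIST):
    """True if host equals a watchlisted apex domain or is a subdomain of it.

    Matching on label boundaries avoids false positives such as
    'notgolduck-c2.example', which a plain substring test would flag.
    """
    host = host.lower().rstrip(".")
    return any(host == apex or host.endswith("." + apex) for apex in watchlist)


def analyse_flow(record):
    """Return a finding for one proxy record, or None if it is not watchlisted."""
    parts = urlsplit(record["url"])
    if not host_matches_watchlist(parts.hostname or ""):
        return None
    # parse_qs returns lists; keep the first value of each parameter.
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    leaked = [desc for key, desc in SENSITIVE_PARAMS.items() if key in params]
    return {
        "host": parts.hostname,
        "app": params.get("app"),
        "version": params.get("ver"),
        "device": params.get("dev"),
        "leaked": leaked,
    }


def scan_log(lines):
    """Parse JSON-lines proxy records and collect findings for watchlisted hosts."""
    findings = []
    for line in lines:
        finding = analyse_flow(json.loads(line))
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        fields = ", ".join(f["leaked"]) or "no sensitive fields"
        print(f"{f['host']}: {f['app']} {f['version']} on {f['device']} sent {fields}")
```

The check is deliberately done on the parsed hostname rather than on the raw URL string, so a watchlist built from apex domains catches every subdomain of the C2 host without sweeping in look-alike names; in a real deployment the watchlist would be loaded from a threat-intelligence feed and the log lines taken from the proxy's own export format.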
As of now, the researchers say that the apps are full of adverts —…