Mac App Store apps found to be stealing data from users
A number of apps found on Apple Inc.’s Mac App Store are alleged to be spying on users and stealing their data, according to a report from security firm Malwarebytes Inc.
Leading the list of apps is a tool called Adware Doctor, an app that claims to be the “best app” to remove a variety of common adware threats which target Mac users. Security researcher Patrick Wardle noted that the app deceptively exfiltrates private data, including browser histories, and then sends it to a remote server in China.
Spyware apps making their way into app stores are not unique, but most are obscure and rarely used. The opposite is the case with Adware Doctor. Before it was removed by Apple during the week, it ranked as the fourth most popular paid app in the Mac App Store, meaning it potentially has an installed user base well into the millions.
Also included on the initial list:
- Adware Medic, a predecessor of Adware Doctor with nearly identical data-stealing capabilities.
- Open Any Files: RAR Support, an app that supports opening compressed files. It’s claimed to have also exfiltrated similar private data for several months late last year and this year and remains in the store as of Sept. 9.
- Dr. Antivirus, which is also claimed to exfiltrate browser history and a detailed listing of all installed apps. It appears to have now been removed from the Mac App Store.
- Dr. Cleaner, which like Dr. Antivirus steals data but is no longer available.
Since the initial report, another app with similar alleged data-stealing capabilities has come to light, with 9to5Mac naming Dr. Unarchiver as allegedly stealing data.
“After extracting a zip file with the app, it offered an option to ‘Quick Clean Junk Files’. Selecting ‘Scan’ launched an open dialog with the home directory selected, this is how the app gets access to a user’s home directory, which it needs in order to collect the history files from browsers,” the report noted. “After allowing access to the home directory, the app proceeded to collect the private data and upload it to their servers (we blocked that with a proxy).”
The 9to5Mac report went on to claim that Dr. Unarchiver, Dr. Cleaner and others are being distributed by security firm Trend Micro Inc.
Since the apps are no longer in the Mac App Store, SiliconANGLE can’t confirm that they’re from Trend Micro. But an app called Dr. Playback is currently listed in the Google Play Store as coming from the company.
SiliconANGLE asked Trend Micro to comment on the report and will update this post if it responds.