publisher Chinese has fooled Apple’s wariness into accepting malware and distributing it on the Mac App Store.
According to TechUnwrapped, Apple puts a lot of emphasis on security in their App Store to create a more closed ecosystem than Android or Windows. That doesn’t mean Apple doesn’t make mistakes in ignoring threats, though.
A new report from cybersecurity researcher Alex Kleber has identified a number of Chinese malware appearing on the Mac App Store. The investigation uncovered seven different developer accounts that all belonged to a publisher based in China. The software contains hidden malicious code that can receive commands from the server. This malicious code is only activated when the app in question has been approved by Apple, thereby fooling the company’s security system.
Using this technique, the developer can even completely change the look and feel of the application. As a result, the app authenticated by Apple is not the same as the last app the user downloaded and installed. To make them harder to track, all communication is with domains that use services like Cloudflare and GoDaddy, allowing them to hide their hosting provider.
One of these apps is PDF reader which has been downloaded many times on the Mac App Store in the US, even being one of the most installed apps. The app requires a paid subscription while providing the same functions as any regular free PDF reader, or not even working at all.
positive responses fake to hide the bad reviews about the app. Since the report was released, Apple has responded by removing many fake reviews of these apps, and one of them has even been removed from the Mac App Store entirely.
