Security researchers have found iPhone apps communicating with a server linked to Golduck, a historically Android-focused malware that infects popular classic game apps.
The malware was discovered about a year ago by Appthority, which found it embedded in classic and retro games on Google Play. The games carried backdoor code that allowed malicious payloads to be silently pushed to the device. More than 10 million users were affected, giving spammers and attackers the ability to run malicious commands at the highest privilege level granted to the app, such as sending premium SMS messages from a victim's phone to make money.
Recently, researchers found iPhone apps linked to the same malware infrastructure and presenting a similar danger.
The apps include: Commando Metal: Classic Contra, Trap Dungeons: Super Adventure, Super Adventure of Maritron, Super Pentron Adventure: Super Hard, Classic Tank vs Super Bomber, Bomber Game: Classic Bomberman, Classic Brick – Retro Block, Roy Adventure Troll Game, Brain It On: Stickman Physics, Bounce Classic Legend, Block Game, Classic Bomber: Super Legend, Chicken Shoot Galaxy Invaders and The Climber Brick.
Enterprise security firm Wandera announced that it had found 14 apps, all retro-style games, communicating with the same command-and-control server used by the Golduck malware.
Wandera's vice-president of product, Michael Covington, said: “The Golduck domain was on a watchlist we established due to its use in distributing a specific strain of Android malware in the past. When we started seeing communication between iOS devices and the known malware domain, we investigated further.”
According to Wandera, what it has seen so far looks relatively benign: the command-and-control server simply pushes a list of icons into a pocket of ad space in the upper-right corner of the apps. When the user opens the game, the server tells the app which icons and links to serve. The researchers did, however, see the apps sending the device's IP address and, in some cases, location data back to the Golduck command-and-control server.
The researchers say the apps are packed with ads, likely as a way to make a quick buck. But they expressed concern that the channel between the app and a server known to be malicious could be used to deliver malicious commands to the app and the device down the line.
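The detection approach Covington describes, keeping a watchlist of known malware domains and flagging any device that talks to one, can be reproduced over ordinary forward-proxy or DNS logs. The Python script below is an added example, not Wandera's tooling and not code from the apps; the watchlist domain, device identifiers and log lines are constructed for illustration, since the page does not name the actual Golduck domain. It also flags requests whose query string carries coordinates, mirroring the IP-address and location reporting the researchers observed.

```python
"""Flag devices that talk to a watchlisted malware domain.

Added example; not Wandera's tooling. The domain names, device ids and
log lines are constructed for illustration (the page does not give the
real Golduck domain).
"""
import re
from collections import defaultdict

# Hypothetical watchlist entry standing in for the Golduck C2 domain.
WATCHLIST = {"golduck-c2.example"}

# Constructed forward-proxy log: "<time> <device_id> <method> <host> <path>"
SAMPLE_LOG = """\
2019-01-15T09:01:02Z ios-7f3a GET ads.golduck-c2.example /icons?app=com.example.bomber
2019-01-15T09:01:05Z ios-7f3a POST ads.golduck-c2.example /report?ip=198.51.100.7&lat=51.5&lon=-0.1
2019-01-15T09:02:11Z ios-22b9 GET cdn.example.org /assets/logo.png
2019-01-15T09:03:40Z ios-22b9 GET golduck-c2.example.net /icons
2019-01-15T09:04:01Z ios-51cc GET GOLDUCK-C2.EXAMPLE /icons
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\S+)$")


def host_on_watchlist(host, watchlist=WATCHLIST):
    """True if host equals a watchlisted domain or is a subdomain of it.

    Case-insensitive; a trailing dot (FQDN form) is ignored. A host such as
    'golduck-c2.example.net' is a different registrable domain and must
    not match, so a plain substring check is deliberately avoided.
    """
    h = host.lower().rstrip(".")
    for d in watchlist:
        d = d.lower()
        if h == d or h.endswith("." + d):
            return True
    return False


def leaks_location(path):
    """Heuristic: True if the query string carries latitude/longitude keys."""
    query = path.split("?", 1)[1] if "?" in path else ""
    keys = {kv.split("=", 1)[0].lower() for kv in query.split("&") if kv}
    return bool({"lat", "lon", "latitude", "longitude"} & keys)


def scan_proxy_log(text, watchlist=WATCHLIST):
    """Return {device_id: [(host, path), ...]} for requests to watchlisted hosts."""
    hits = defaultdict(list)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than abort the sweep
        _ts, device, _method, host, path = m.groups()
        if host_on_watchlist(host, watchlist):
            hits[device].append((host.lower(), path))
    return dict(hits)


if __name__ == "__main__":
    for device, requests in scan_proxy_log(SAMPLE_LOG).items():
        for host, path in requests:
            note = " [location in query]" if leaks_location(path) else ""
            print(f"{device} -> {host}{path}{note}")
```

Run against the constructed log, two of the three devices are reported: one for the look-alike domain on a different TLD is correctly left alone, and the uppercase hostname is still caught. In a real deployment the log source would be the MDM or proxy export and the watchlist would be fed from threat intelligence rather than a literal.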
“The apps do not contain any malicious code, and the apps themselves are technically not compromised, but the backdoor they open presents a risk for exposure that our customers do not want to take.”
The researchers said: “The hackers can easily access the secondary advertisement space to display a link that redirects the user and dupes them into installing a provisioning profile or a new certificate that ultimately allows a more malicious app to be installed.”
Apple had not responded to a request for comment at the time of publication. The apps appear to still be downloadable from the App Store, but all now say they are “not currently available in the U.S. store.”
There is one lesson, now and always: don't download what you can't trust or don't need, and never accept a provisioning profile or certificate that an app or an ad asks you to install.