IT and Business Insights for SMB Solution Providers

Adware Doctor App Turns Out To Be Adware Itself

The Apple App Store is widely considered, and recommended as, the best way to get programs for your Mac. After all, Apple states that “The safest place to download apps for your Mac is the Mac App Store. Apple reviews each app before it’s accepted by the store...”. But what if one of the apps claiming to clean your computer of adware and malware turns out to be malicious itself? That seems to be the case with Adware Doctor.

Adware Doctor has risen to become one of the most popular paid apps in the Apple App Store. It is the top paid utility app, and the fourth paid app overall, giving it a spot on the app store main site. However, there has been some controversy in its history. When the app was first released, it was called Adware Medic. It was removed when Malwarebytes complained, because their own app named Adware Medic had been released first. A few days later the app reappeared as Adware Doctor. Many of the highly rated reviews are also suspected to be fake, posted to boost the app’s popularity.


Adware Doctor has been revealed to secretly collect a user’s internet browsing history from multiple browsers, as well as the active processes running on the computer, and then send that information to a server located in China. A security researcher with the Twitter handle @privacyis1st discovered the behavior and teamed up with another researcher, Patrick Wardle, to delve deeper into the app. Adware Doctor requests access to the user’s files, which would be a legitimate need for a malware scanner. However, it abuses that access by finding browsing history from Chrome, Firefox, and Safari, as well as search history within the app store and a list of running processes on the machine. Enumerating the processes by itself violates Apple's rules, because it requires breaking out of the sandbox.

The app then archives this information into a zip file, history.zip, and sends it off to a web server located in China, adscan.yelabapp.com.

The researchers revealed their findings to Apple over a month ago, but Apple did not appear to do anything about it.

The app remained on the store. However, when the researchers finally went public with their findings, the app was quickly removed. Along with Adware Doctor and another app by the same developer called AdBlock master, Apple removed 3 other related apps that were accused of exfiltrating browsing and search histories: Open Any Files, Dr. Antivirus, and Dr. Cleaner. Apple has yet to comment on why it took so long to remove the malicious apps that flagrantly violated the rules, or how they got past the app store review in the first place.
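For solution providers who want to check whether managed Macs contacted that server, the following is an added example (not code from the researchers or from the app) that scans web-proxy logs for the two indicators named above. The log layout, client names, URL paths and sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# Indicators named in the article above.
EXFIL_DOMAIN = "adscan.yelabapp.com"
ARCHIVE_NAME = "history.zip"

# Constructed sample lines in an assumed proxy-log layout:
# timestamp client method url bytes_sent
SAMPLE_LOG = """\
2018-09-07T10:01:12Z mac-014 GET https://www.apple.com/ 512
2018-09-07T10:01:15Z mac-014 POST https://adscan.yelabapp.com/upload?file=history.zip 48213
2018-09-07T10:02:40Z mac-022 GET https://adscan.yelabapp.com.example.net/ 300
2018-09-07T10:03:05Z mac-031 POST https://files.example.org/backup/history.zip 90211
2018-09-07T10:04:59Z mac-014 GET http://ADSCAN.YELABAPP.COM:80/ping 120
"""

LINE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)$")

def matches_domain(host):
    """True for the domain itself or a subdomain, not for look-alike suffixes."""
    host = (host or "").lower().rstrip(".")
    return host == EXFIL_DOMAIN or host.endswith("." + EXFIL_DOMAIN)

def scan(log_text):
    """Return (client, reason, url) for every log line matching an indicator."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # skip blank or malformed lines
        _ts, client, _method, url, _size = m.groups()
        host = urlsplit(url).hostname  # lowercased, port stripped
        if matches_domain(host):
            # Strong signal: traffic to the server named in the article.
            findings.append((client, "domain", url))
        elif ARCHIVE_NAME in url.lower():
            # Weak signal: same archive name, different host; review manually.
            findings.append((client, "archive-name", url))
    return findings

if __name__ == "__main__":
    for client, reason, url in scan(SAMPLE_LOG):
        print(f"{client}\t{reason}\t{url}")
```

Matching on the parsed hostname rather than a substring keeps look-alike hosts such as the constructed `adscan.yelabapp.com.example.net` from being reported as the real server.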

Sources:

       

https://thehackernews.com/2018/09/mac-adware-removal-tool.html#comment-box

https://threatpost.com/apple-finally-boots-sneaky-adware-doctor-app-from-mac-app-store/137319/

https://objective-see.com/blog/blog_0x37.html
