Adware Doctor, one of the popular anti-malware apps for Mac, was discovered collecting sensitive user information without permission and sending it to someone in China.
A security researcher named Privacy 1st identified it first and said that the app collects user browsing history from the Safari, Chrome and Firefox browsers, App Store search history, and from a set of running processes.
The gathered data is then packed into a password-protected zip file called history.zip and uploaded to a remote server.
The domain is hosted on Amazon AWS servers, and a check of its DNS records showed names related to China.
The researcher said that he notified Apple about the app and that it took Apple about one month to remove it from the App Store.
Adware Doctor is an anti-malware app which has a 4.8-star rating and over 7000 reviews. The app is also the number 1 paid utility app in the App Store.
Below is the analysis video by Privacy 1st on the incident:
If Apple is really “review[ing] each app before it’s accepted by the store” … how were these grave (and obvious) violations of this application missed!? Who knows, and maybe this one just slipped through. Maybe we should give them the benefit of the doubt, as yes we all make mistakes! But this brings us to the next point. Apple also claims that “if there’s ever a problem with an app, Apple can quickly remove it from the store”. Maybe the key word here is “can”.
This was said in the blog post published by the researcher.