Apple App Store games found to be communicating with malware


Security researchers found over a dozen apps sending information to the server associated with Android-based malware

Researchers from security firm Wandera have discovered 14 iPhone games that communicated with a server that became infamous for controlling the Golduck malware for Android.

The researchers said the iPhone apps were loaded with ads, which could have duped users into tapping a link and granting permission for malware to be installed from outside the App Store.

"The apps themselves are technically not compromised; while they do not contain any malicious code, the backdoor they open presents a risk for exposure that our customers do not want to take," Wandera told TechCrunch.

"A hacker could easily use the secondary advertisement space to display a link that redirects the user and dupes them into installing a provisioning profile or a new certificate that ultimately allows for a more malicious app to be installed."

Downloaded roughly a million times

Collectively, the apps in question have been downloaded around a million times. However, Apple has now removed them from the App Store. Those who attempt to download them will get a message that says, “not currently available in the US store.”

While this prevents new users from downloading the apps, some iPhone owners may still have the apps on their devices. Here are the 14 retro games that were recently dubbed risky by Wandera’s Threat Research team:

  • Commando Metal: Classic Contra

  • Super Pentron Adventure: Super Hard

  • Classic Tank vs Super Bomber

  • Super Adventure of Maritron

  • Roy Adventure Troll Game

  • Trap Dungeons: Super Adventure

  • Bounce Classic Legend

  • Block Game

  • Classic Bomber: Super Legend

  • Brain It On: Stickman Physics

  • Bomber Game: Classic Bomberman

  • Classic Brick - Retro Block

  • The Climber Brick

  • Chicken Shoot Galaxy Invaders

“Wandera researchers identified regular communication between the various apps and a Golduck Command & Control server,” the firm said. “Our security researchers discovered a secondary area being used to display ads that are not powered by Admob and instead, present content from a known malicious server.”
