iPhone malvertising app downloaded millions of times calls 22 known malicious servers

iPhone malvertising app downloaded millions of times calls 22 known malicious servers
featured image

This article appeared in SC Magazine on March 22, 2019.

A compromised iPhone App was found to be using malware to infect users by calling 22 known malicious domains.

Researchers at The Media Trust discovered that a compromised iPhone app which had been downloaded by millions across the globe was infecting user devices with persistent malware hidden within the ad’s style sheet which called the malicious servers to deliver payloads.

The app activates and calls the malicious domains as soon as its opened and will redirect the user out of the application itself and into the malicious site or to a phony reward popup or survey. Users unable to close the malicious app would be delivered the payload.

The malware made its way into the malicious app via a small Demand Side Platform (DSP) with a poor reputation for vetting ads and was embedded in the style sheets and loaded in the background to elude users and anti-malware.

Researchers noted that since most publishers don’t have visibility into third-party code that enables their apps to function and that the code is even harder to monitor and manage when its linked to in-app advertising. As a result, the malvertising campaigns become a lucrative investment for cybercriminals.

“The Media Trust discovered 34 other domains and more than 30 cookies that operated outside the app publisher’s infrastructure,” researchers said in the report. “If these domains and cookies collect and distribute user information without the latter’s consent, a publisher could be liable to a heavy penalty under GDPR, the California Consumer Privacy Act, or a growing number of privacy laws.”

Researchers said attackers who exploit these vulnerabilities are born out of the digital environments lack of transparency.