Security researchers have found that more than a dozen iPhone apps are communicating with a server associated with Golduck, an Android-focused malware family that infects popular classic game apps. The researchers say the iPhone apps linked to the Golduck server are risky.
The Golduck malware was first detected more than a year ago by Appthority, infecting classic and retro games on Google Play. The malware was delivered through backdoor code that allowed malicious payloads to be silently pushed to Android devices.
At the time, more than 10 million Android users were affected. Golduck lets attackers run malicious commands with the highest privileges, for example sending premium-rate SMS messages from a victim's phone to make money.
Now the security firm Wandera has found 14 retro-style game apps for iPhone that communicate with the same command and control server used by the Golduck malware.
The apps are Classic Brick – Retro Block, Commando Metal: Classic Contra, Super Adventure of Maritron, Roy Adventure Troll Game, Trap Dungeons: Super Adventure, Block Game, Classic Bomber: Super Legend, Brain It On: Stickman Physics, Bomber Game: Classic Bomberman, Super Pentron Adventure: Super Hard, The Climber Brick, Chicken Shoot Galaxy Invaders, Bounce Classic Legend and Classic Tank vs Super Bomber.
Michael Covington, Wandera's vice-president of product, said the Golduck domain had been on the team's watchlist because of its use in distributing a specific strain of Android malware over the past year. When they found communication between the known Golduck malware domain and iPhone devices, they started investigating further.
According to the researchers, the command and control server pushes a list of icons into a pocket of ad space in the upper-right corner of the app: when the user opens the game, the server tells the app which icons and links to serve. They also found that some of the apps send the device's IP address, device type, app version and, in some cases, the user's location data back to the Golduck command and control server.
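The detection described above boils down to two checks: is a device talking to a domain on a watchlist of known C2 infrastructure, and is that domain now being contacted from a platform it was not previously associated with. The following script is an added illustration of that logic, not Wandera's tooling or any code from the page. The domain name `golduck-c2.example`, the proxy log format (`timestamp client host "user-agent"`), the watchlist and the log lines are all constructed for the example; the page does not give the real Golduck domain.

```python
"""Added example: correlate proxy logs with a C2 watchlist and flag
known-bad domains, plus the case where a domain known for Android
malware starts receiving traffic from iOS devices.

Everything below (domain name, log format, watchlist, log lines) is
constructed for illustration and is not from the original article.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed watchlist: C2 domain -> platforms it has been seen serving.
WATCHLIST: Dict[str, Set[str]] = {
    "golduck-c2.example": {"android"},   # hypothetical stand-in for the real domain
}

# Constructed proxy log lines in a hypothetical format:
#   <timestamp> <client ip> <destination host> "<user agent>"
# Line 3 uses a CFNetwork/Darwin user agent, which is what an iOS app's
# URL-loading stack sends when the app sets no custom agent.
SAMPLE_LOG = """\
2019-01-08T10:01:02Z 10.0.0.12 golduck-c2.example "Mozilla/5.0 (Linux; Android 8.0; Pixel) ..."
2019-01-08T10:01:05Z 10.0.0.34 cdn.example.net "Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) ..."
2019-01-08T10:02:11Z 10.0.0.34 golduck-c2.example "Classic Brick/1.4 CFNetwork/975.0.3 Darwin/18.2.0"
2019-01-08T10:03:40Z 10.0.0.57 api.golduck-c2.example "Mozilla/5.0 (iPhone; CPU iPhone OS 12_1 like Mac OS X) ..."
"""

LOG_RE = re.compile(r'^(\S+)\s+(\S+)\s+(\S+)\s+"([^"]*)"\s*$')


@dataclass
class Alert:
    timestamp: str
    client: str
    host: str
    platform: str
    watchlist_domain: str
    new_platform: bool   # True when this platform was not in the watchlist entry


def platform_from_user_agent(ua: str) -> str:
    """Coarse platform inference from the user-agent string."""
    ua_l = ua.lower()
    if "android" in ua_l:
        return "android"
    if any(tok in ua_l for tok in ("iphone", "ipad", "cfnetwork", "darwin")):
        return "ios"
    return "unknown"


def watchlist_match(host: str, watchlist: Dict[str, Set[str]]) -> Optional[str]:
    """Return the watchlist domain that covers host (exact or subdomain), else None."""
    host = host.lower().rstrip(".")
    for domain in watchlist:
        if host == domain or host.endswith("." + domain):
            return domain
    return None


def scan_log(text: str, watchlist: Dict[str, Set[str]] = WATCHLIST) -> List[Alert]:
    """Flag every request to a watchlisted domain; mark unexpected platforms."""
    alerts: List[Alert] = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the whole scan
        ts, client, host, ua = m.groups()
        domain = watchlist_match(host, watchlist)
        if domain is None:
            continue
        platform = platform_from_user_agent(ua)
        # Only a positively identified platform counts as "new"; unknown agents
        # are still alerted on, but not escalated.
        is_new = platform != "unknown" and platform not in watchlist[domain]
        alerts.append(Alert(ts, client, host, platform, domain, is_new))
    return alerts


if __name__ == "__main__":
    for a in scan_log(SAMPLE_LOG):
        flag = "NEW PLATFORM" if a.new_platform else "known platform"
        print(f"{a.timestamp} {a.client} -> {a.host} [{a.platform}] {flag}")
```

Subdomain matching matters here: the article notes that infrastructure associated with Golduck spans several domains, and a C2 that moves its API to a subdomain would otherwise slip past an exact-match rule. Escalating on a new platform is what turns a routine "known-bad domain" hit into the kind of finding Wandera reported.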
For now, the researchers say, the apps are simply packed with ads to make a quick buck. But they warn that the channel between the app and the Golduck server could later be used to push malicious commands to the app, and through it to the device.
The researchers say the apps' own code contains nothing malicious. The risk comes from the backdoor channel: it exposes customer data, and whoever controls the server could insert redirecting links that send the user to a malicious site or prompt them to install new certificates, which in turn could give the attacker access to more device data.
This behaviour may not be present in many other iOS apps, but a connection between an iPhone and the Golduck server is not a good sign. If the server is already sending malicious payloads to Android users, iPhone users could be next.
Users cannot contact the developers of these apps: many of the contact links in the app store are dead, and the privacy policy pages offer no way to reach them either. The registrant of the Golduck domain appears to be fake, as do those of other domains associated with Golduck, which often use different names and email addresses.
Apple's app stores may have a better reputation than Google's Play Store, which every so often lets malicious apps slip through the net, but in reality neither store is perfect. Earlier this year, security researchers found a top-tier app in the Mac App Store that was collecting users' browsing history without permission, and dozens of iPhone apps that were sending user location data to advertisers without explicitly asking first.
If there’s one lesson, now and always: don’t download what you don’t need, or can’t trust.