1200 apps on Apple’s App Store infected with malware

Although app stores have strict security filters to prevent malware-laden apps from being published, malicious developers sometimes make their creations appear as legitimate apps. Apple has just reported the detection of over 1,200 iPhone/iPad apps that contained malicious code to extract data from users and redirect it to invasive advertising sites.

The apps have been downloaded more than 300 million times, and apparently their developers created a highly effective way to evade malware detection processes for iOS.

In a subsequent report, security firm Snyk announced that it had found malicious behavior in the Mintegral software development kit, an advertising SDK developed in China. The SDK logs the URL requests and request headers made by the host application, data that can include personal information stored on the phone.

In Snyk’s business blog, researcher Alyssa Miller said, “The scope of this data collection campaign is much greater than similar campaigns have achieved.” Miller also mentioned that the app uses questionable coding methods to access such levels of information.

Snyk researchers consider that, because a considerable number of legitimate applications use the Mintegral SDK, there is not much users can do to stop this behavior.

Regarding Mintegral itself, the researchers consider it one of the most commonly used advertising SDKs in the world. It is also available for Android, although the researchers were unable to detect malicious activity in the SDK for that operating system. Mintegral is also capable of advertising fraud: it hijacks ad requests made through other advertising frameworks and claims them as its own, stealing revenue that should have gone to other developers.

Finally, the researchers mentioned that Mintegral behaves in a way that tries to hide its activity: “When it finds evidence that it is being observed, Mintegral modifies its behavior, in what seems to be an attempt to hide its malicious activity.” Snyk also discovered that the SDK stops operating if it detects that it is running on a rooted smartphone or that a debugging tool is attached to the device, which are the environments in which researchers often perform their security tests.