Apple approves 6 more infected iPhone apps: what they are

A new batch of infected and dangerous apps has been found on Apple's App Store: this time they contained the OSX/MacOffers virus

The Apple App Store's app "notarization" process has misfired again: it failed to stop six more infected iOS apps from being published and downloaded. This time, the discovered apps contain the OSX/MacOffers virus; in August, another 40 apps were found infected with Shlayer and BundleCore, two other dangerous pieces of malware.

In both cases, the discovery was made by Intego, a cybersecurity company that specializes in analyzing macOS, iOS and iPadOS apps. Intego also claims that Apple removed the six infected apps before the company had time to warn it: most likely another cybersecurity company had already reported them, or a user who downloaded one of the apps and ended up with an infected iPhone did. All six offending apps claimed to be "Flash installers", i.e. they promised to install Adobe Flash Player on the smartphone.

Infected iOS apps: why they are dangerous

The six apps discovered and removed from the App Store all contained the OSX/MacOffers virus (also known as MaxOfferDeal). Among other things, this malware changes the default browser to an infected version, which further multiplies the risks for the user.

To hide itself and pass the App Store checks, OSX/MacOffers uses steganography: it hides secret information inside a JPEG image. The image actually contains a .zip file with a second dangerous app inside, the one that actually infects the device.
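
As an added example (not from Intego or from the original article), the following Python check flags a JPEG file that also carries a ZIP archive, the kind of container described above. It assumes the archive is stored as ordinary ZIP bytes inside the file, which the article does not specify; the function names and the sample bytes are constructed for illustration.

```python
import io
import zipfile

JPEG_SOI = b"\xff\xd8\xff"   # JPEG start-of-image marker plus next marker prefix
ZIP_LOCAL = b"PK\x03\x04"    # ZIP local file header signature
ZIP_EOCD = b"PK\x05\x06"     # ZIP end-of-central-directory signature


def embedded_zip_members(data: bytes):
    """Return member names of a ZIP archive carried inside a JPEG, else None.

    Assumption: the archive is stored as ordinary ZIP bytes in the file
    (for example after the image data). Pixel-level hiding is out of scope.
    """
    if not data.startswith(JPEG_SOI):
        return None                  # not a JPEG
    if ZIP_LOCAL not in data or ZIP_EOCD not in data:
        return None                  # no ZIP structures at all
    try:
        # zipfile finds the central directory from the end of the file, so
        # it tolerates leading non-ZIP bytes (here, the image itself).
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.namelist()
    except (zipfile.BadZipFile, ValueError):
        return None                  # signature bytes occurred by chance


def constructed_samples():
    """Build a clean JPEG-shaped stub and one with a ZIP appended (test data)."""
    clean = JPEG_SOI + b"\xe0" + b"\x00" * 32 + b"\xff\xd9"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Placeholder.app/Contents/Info.plist", "<plist/>")
    return clean, clean + buf.getvalue()


if __name__ == "__main__":
    clean, carrier = constructed_samples()
    for label, blob in (("clean", clean), ("carrier", carrier)):
        print(label, embedded_zip_members(blob))
```

A hit from this check only means the image needs a closer look: the listed members still have to be extracted in a sandbox and scanned as files in their own right.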

Is the App Store safe?

Intego explains that, thanks to steganography, the OSX/MacOffers virus is very difficult to find: its tests show that only 4 of the 60 antivirus products tested can find it and, to be precise, they find the second app, not the first one (which no antivirus can find).

So it's true that Apple doesn't look good at all with these six new infected apps discovered on the App Store, but it's also true that no other store would have found and blocked them in time. In this particular case, the apps were uploaded to the App Store starting on October 6 and Apple removed them on October 12. On Google's Play Store, on the other hand, the time to remove an infected app is much longer.

Just to give a very recent example: in the past few days, 21 infected Android apps were found and 19 of them are still on the Play Store.

The apps to be deleted

Intego did not name the infected apps to be removed, because Apple had already removed them anyway. Instead, the company specified that they all present themselves as software to download and install Adobe Flash Player, which in 2020 seems absurd.

Adobe Flash Player, in fact, is a (dangerous) dinosaur of the Web: created to display animations and multimedia content, it boomed with the first generation of games for mobile devices and is no longer supported even by Adobe.

Over the years, in fact, it has proved too easy for hackers to use: they have used and abused it to deliver viruses and execute dangerous code on devices. According to Intego, therefore, even before asking whether the App Store is safe, we should ask ourselves why a user would still use Adobe Flash Player today.