Mobile security company Wandera issued a report Thursday afternoon identifying 17 apps in Apple’s App Store infected with clicker Trojan malware, all of which are tied to the same India-based developer.

By Friday morning, Apple confirmed they’d been booted from the App Store.

Apple told at least one news outlet that 18 apps were removed following the report, but Wandera appears to believe that double-counts one of the apps, with the firm noting in its findings that its “initial list of infected apps included two instances of cricket score app ‘CrickOne’ that were hosted on different regional App Stores and contain distinct metadata.” Upon review, Wandera found that those apps use the same codebase.

This comes one day after we noted that another security company had uncovered the existence of some 42 adware-filled Android apps that racked up millions of downloads before Google kicked them off the Google Play Store.

From Wandera’s report, these are the 17 iOS apps the firm identified as being infected with malware that performs ad fraud by either making frequent connections to ad networks or websites — which is done to artificially boost visitor counts — or to generate pay-per-click revenue. Wandera cites a statement from Apple as confirming that the apps have been removed for having code that violates App Store guidelines by allowing for the artificial click-through of ads and that Apple has updated its detection tools.

Here are all of the apps in question:

  • RTO Vehicle Information
  • EMI Calculator & Loan Planner
  • File Manager – Documents
  • Smart GPS Speedometer
  • CrickOne – Live Cricket Scores
  • Daily Fitness – Yoga Poses
  • FM Radio – Internet Radio
  • My Train Info – IRCTC & PNR
  • Around Me Place Finder
  • Easy Contacts Backup Manager
  • Ramadan Times 2019
  • Restaurant Finder – Find Food
  • BMI Calculator – BMR Calc
  • Dual Accounts
  • Video Editor – Mute Video
  • Islamic World – Qibla
  • Smart Video Compressor

“The apps identified by Wandera communicate with the same (command and control) server using a strong encryption cipher that the researchers have not yet cracked,” Wandera’s report notes, adding this ominous detail: “Android apps communicating with the same server were gathering private information from the user’s device, such as the make and model of the device, the user’s country of residence and various configuration details.”