We often write about malicious Android apps on Google’s Play Store, but Apple’s App Store is typically more secure. Of course, that doesn’t mean that it’s impenetrable, as we’ve noted in the past. Dangerous apps do occasionally sneak through Apple’s app review process, and HUMAN’s Satori Threat Intelligence & Research team discovered ten such apps this month. Delete them ASAP if you’ve downloaded any iPhone apps on this list.
A short history lesson: In August 2019, HUMAN’s security threat team found a collection of over 40 Android apps committing advertising fraud. They named the investigation Poseidon after the malicious code they found in the apps.
Over a year later, in late 2020, the team reported on a “second wave” of ad fraud apps. They dubbed this new wave Charybdis, which is one of Poseidon’s offspring in Greek mythology. Now, nearly two years after that, a third wave has arrived: Scylla.
Delete these fraudulent iPhone apps ASAP
Scylla is yet another advertising fraud operation, but this one targets both iOS and Android devices. The team found 85 apps — 10 on iOS and 75 on Android — with malicious code. If you have any of these apps on your iPhone, delete them now:
- Loot the Castle – com.loot.rcastle.fight.battle (id1602634568)
- Run Bridge – com.run.bridge.race (id1584737005)
- Shinning Gun – com.shinning.gun.ios (id1588037078)
- Racing Legend 3D – com.racing.legend.like (id1589579456)
- Rope Runner – com.rope.runner.family (id1614987707)
- Wood Sculptor – com.wood.sculptor.cutter (id1603211466)
- Fire-Wall – com.fire.wall.poptit (id1540542924)
- Ninja Critical Hit – wger.ninjacriticalhit.ios (id1514055403)
- Tony Runs – com.TonyRuns.game
These apps employed a variety of ad fraud schemes, including spoofing bundle IDs to make advertisers think they were different apps, rendering ads where users can’t actually see them on the display, and faking clicks on ads to make more money.
The good news is that the team worked with Apple and Google to remove the malicious apps listed on HUMAN’s website from both app stores. That said, HUMAN believes that this is an ongoing attack, which means more dangerous apps could pop up in the coming weeks and months. Always be diligent when downloading new software.