One of the top paid utilities in the Mac App Store that claims to protect your Apple computer against malware is actually spyware in disguise that does just the opposite. The app, Adware Doctor, retails for $5 on Apple’s online storefront, and security researchers discovered that the malicious app actually collects your browsing history across the Safari, Chrome, and Firefox browsers and sends that data to a China-based server.
Originally, the app posed as Adware Medic, sharing a similar name to the AdwareMedic app that was acquired by Malwarebytes, forcing Apple to remove the copycat. However, after it changed its name to Adware Doctor, Apple allowed the app back into the Mac App Store, and the app has garnered a number of likely fake five-star reviews. Security researcher Patrick Wardle with Privacy 1st claimed that he notified Apple about the app’s malicious behavior, according to a report on 9to5 Mac. Apple removed the app after numerous tech publications reported on the app’s behavior on Friday, September 7.
In addition to sending your browsing history to China, Adware Doctor also has access to your iTunes search history as well as other apps that are installed on the Mac. Because it poses as an app designed to scan your Mac for malware and spyware, Adware Doctor was able to overcome the sandbox protections on the Mac. Wardle discovered that the app requested universal access on first run, which gave it access to information from within other apps, like browsing history data on Safari. Apple claims that the release of macOS Mojave this fall will bring new privacy protections designed to prevent apps like Adware Doctor from accessing Safari browsing history.
However, Wardle noted that the app does actually clear your browser of adware, and the app’s data collection stopped a few days ago, PCMag reported. 9to5 Mac reported that the server in China is now offline, but there’s still a chance it could resume operation.
Adware Doctor’s entry in Apple’s official Mac App Store should be cause for concern for consumers. Even if the app is highly rated — Adware Doctor came with more than 6,000 positive reviews — users should always research an app and the developer before installing anything from the internet, regardless of where it comes from. This incident follows an earlier report this week of a rogue Chrome browser extension. A fake extension was uploaded to Google’s Chrome Web Store after the original developer was hacked, allowing the hackers to gain access to its users’ logins to other sites and services.
According to Malwarebytes’ director of Mac and mobile Thomas Reed, the firm has worked with Apple numerous times in the past to remove fake apps, but these apps will reappear as a new version with a new name before long. “It’s blindingly obvious at this point that the Mac App Store is not the safe haven of reputable software that Apple wants it to be,” he said.