Ever wondered that the Guardian of your system software that is meant to protect your system against malware attacks can step into the breach?

A recent security research demonstrated a popular anti-malware  called Adware Doctor App that was supposed to protect Apple MAC users against privacy and security threat, ironically, siphoned off browsing history and information about system processes and applications.

It turns out that Apple; the most convincing consumer electronics and computer software brand in terms of security is under interrogation for not acting quickly in removing the dubious app.

What is Adware Doctor?

Adware Doctor was one of the top paid apps (sold for $14.99) in the Mac app Store with 4.8 star rating and over 7,000 reviews. The app claimed to:

1. Remove suspicious and unwanted extensions
2. Clear Browser cookies and caches to restore your browser
3. Remove Adware, malware and other nasty system infections from Apple PCs.
4. Kill annoying pop-ups and
5. Retain Bookmarks and Browser History

These features may appear amusing and technically the anti malware program did stand by its promise but only to fulfill its selfish ulterior motives. The latter feature i.e. retain Bookmarks and browser history was chosen to stealthily collect victim’s browsing history from all the browsers (Chrome, Firefox and Safari ) installed in the system and store it in the remote server that is administered by someone from China.

Adware Doctor- Threat Behavior

When Adware Doctor App, a security program is installed on MAC systems it executes a series of steps that run in the background without user knowledge. These include:

1. It first establishes a connection with the remote server based out of China.
2. It then downloads the device’s database pattern and encrypts them so that user cannot understand it.
3. Cleaning is processed.
4. A folder named Check Adware is created that contains a password protected file called zip.

The Zip folder contains the following files:

1. appstoreHistory: This file contains the search information conducted by victim on App Store.
2. psCommonInfo: Adware Doctor tracks every single process and application you have installed and stores the collected information in this file.
3. chromeHistory: This file contains Browsing History conducted by user on Chrome Browser.
4. firefoxHistory: This file contains Browsing History conducted by user on Firefox Browser.
5. safariHistory: This file contains Browsing History conducted by user on Safari Browser.

The history.zip file containing these details is sent to a Chinese based remote host named adscan.yelabapp.com. This domain is hosted on Amazon AWS servers and its DNS Records clearly depicts its geo of administration i.e. China.

Adware Doctor up in the air since 2015

It is known that Adware Doctor has a dubious history. The first version of the malicious program known as Adware Medic was released in December 2015. Since then the nasty program was under suspicion radar of security researchers who collected evidences against its effectuated ill practices. Apple immediately removed the pernicious app when reported but was soon replaced by an identical app named Adware Doctor.

Anger on Apple for delaying the removal of Reported Apps

Apple has done a commendable job in keeping the maleficent apps out of the store. The Tech-savvy however is held responsible for giving some slack to this issue.

As per the security researchers, Apple was informed about the malice in August. However, the company didn’t pay heed to the issue and the app continued to remain in the Mac Store till September.

UPDATE

Apple has now successfully removed the malicious Adware Doctor App from the App Store

In the next release of MAC OS, Mojave, the company is known to add additional security features like extending sand-boxing protection on privacy-sensitive content like browsing histories and cookies on Safari browser.

Hits: 129