Adware Doctor App Mac
Adware Doctor is one of the most popular paid apps in the App Store for Macs, and it’s on sale! Unfortunately, you probably don’t want to take advantage of the bargain because new research shows. And this wasn’t just any app in the Mac App Store – Adware Doctor was one of the top paid utilities. According to 9to5 Mac, Patrick Wardle, a security researcher with. Adware Doctor, one of the top paid applications on the official Mac Store marketplace, was analyzed in detail this week by Objective-See, a research platform created by former National Security. Watching Adware Doctor closely through tools such as a process monitor and network monitor, researchers noticed the app create a “history.zip” file and then send the file to yelabapp.com, which is owned by an entity in China.
- Apple has removed an app called Adware Doctor:Anti Malware &Ad from the macOS App Store following claims it sent users' browser histories to a remote server in China. The app's misbehavior was first noted by a security researcher who goes by the name Privacyis1st on Twitter and claims to have alerted Apple to the weirdness in early August.
- Adware Doctor was a $4.99 app in the Mac App Store from a developer supposedly named Yongming Zhang. The app purported to protect your browser from adware by removing browser extensions, cookies, and caches.

What's more, this appears not to be an isolated incident: Malwarebytes on Friday noted that several different macOS App Store apps have been spotted siphoning off folks' data.
Another security researcher, Patrick Wardle, working in conjunction with Privacyis1st, published an analysis of Adware Doctor on Friday, which appears to have encouraged Apple to take action.
As Wardle – an expert in Apple security – noted, Adware Doctor, which sold for $4.99, was the fourth-highest grossing app in the 'Paid Utilities' category of the macOS App Store.
Exfiltrated
The developer was identified as 'Yongming Zhang.' Wardle suggested this may be a reference to 'Zhang Yongming,' a Chinese serial killer. It's not certain the programmer is Chinese or is based there, but it appears the exfiltrated data was being sent to servers in China.
According to Thomas Reed, director of Mac and mobile security at Malwarebytes, the antivirus corp has been aware of this lone developer since 2015.
'At that time, we discovered an app on the App Store named Adware Medic – a direct rip-off of my own highly-successful app of the same name, which became Malwarebytes for Mac,' he wrote. 'We immediately began detecting this, and contacted Apple about removing the app. It was eventually removed, but was replaced soon after by an identical app named Adware Doctor.'

It should be said it wasn't exactly the same name: Malwarebytes' app was called AdwareMedic – without a space. Apple's tolerance of similarly named apps explains why there's currently still an app in the App Store called Adware Doctor – Adware Malware Remover, Browser & Mail Cleaner.
Chatting to El Reg, Reed said: 'There's definitely a naming issue on the App Store, because this has happened twice, with two different scam apps on the App Store, both using the name Adware Medic. Also, before Apple removed the offending Adware Doctor app earlier today, there were actually two apps, from different developers, with that exact name. (The other remains on the store.) There's also one called Total Adware Doctor.'
Reed's post also points the finger at other apps for data harvesting: Open Any Files, Dr. Antivirus, and Dr. Cleaner.
Sandboxed
Wardle's analysis delves into the techniques used by Adware Doctor to exfiltrate users' browser history files from Chrome, Firefox, and Safari, a clear violation of user privacy expectations and App Store rules. He notes that the application also collects a list of running processes on the user's device, something that he suggests skirts Apple's app sandboxing mechanism.
Apple declined to comment on the record. The Register, however, has come to understand from people familiar with the App Store's policies that accessing files in the user's home directory is not a violation of sandboxing rules when the user has granted the app permission to do so. Secretly sending browser history files to a remote server, however, represents a violation of App Store Review Guidelines.
Whether system-level process enumeration should be prevented by app sandboxing for an app granted broad permissions to fulfill its purported malware hunting job isn't clear.
Wardle told The Register: 'There are conflicting reports about where process enumeration is in fact blocked by the sandbox.' In any event, Apple's removal of Adware Doctor makes it clear there was a problem.
The imminent arrival of the next version of macOS, macOS Mojave, should improve the situation. The OS update extends sandboxing protection to browser history and cookies, so even were someone to grant home directory access, the app at least in theory would not be able to access those files.
Reed, however, urges caution. He concludes his post by saying, 'It’s blindingly obvious at this point that the Mac App Store is not the safe haven of reputable software that Apple wants it to be. … I strongly encourage you to treat the App Store just like you would any other download location: as potentially dangerous.'
One of the oldest and most transparent malware tricks is the fake antivirus program, which gullible users are prompted to download with panicked banner ads and a dubious email from the FBI that “your cybers are infected and need cleaning.” It’s the malware equivalent of George Clooney’s crew turning up dressed as the cops in the Oceans movies, and normally, it only works for people still running Windows XP.
But according to a former NSA hacker turned security researcher, an app called Adware Doctor — which is the top-grossing paid app in the Utilities section of the Mac App Store — is secretly pilfering users’ browsing history without telling them. If his report (via TechCrunch) is accurate, Apple has known about the malicious behavior for weeks, but it still hasn’t done anything about it.
Patrick Wardle, the aforementioned security researcher, published a report into Adware Doctor on his blog. He credits Twitter user Privacy 1st with noticing the problem, but he conducts a thorough analysis to discover how Adware Doctor steals your browsing history, and where it sends the data to.
According to his analysis, Adware Doctor jumps through a number of hoops to steal and then upload your browser history from Chrome, Safari, and Firefox; the data is then compressed and sent to a server in China, where something is done with it. This, as he clearly explains, is all unethical behavior:
At no point does Adware Doctor ask to exfiltrate your browser history. And its access to this very private data is clearly based on deceiving the user.
Beyond its mistreatment and blatant disrespect of user data, the fact that Adware Doctor “dances around” the Mac App Sandbox seems to clearly be another violation as well. For example, the fact that Apple blocks the invocation of ps illustrates the fact that sandboxed applications should not be enumerating running processes from within the sandbox. If an application developer finds a way around this, this is still a violation.
More worrying than the specific abuse here is how Adware Doctor managed to sneak its malevolent intentions through Apple’s supposedly-watertight security. Apple is famously fanatical about its “walled garden” of apps, and every app that is available for download through Apple’s official stores has — in theory! — been vetted to make sure it complies with Apple’s rules. Not only did Adware Doctor make it through the review process, but Apple still doesn’t appear to have taken any action to remove the app from its store, even though Wardle said he informed Apple about its behavior a month ago.