Security researchers have recently found dozens of apps with malicious software (malware) that were downloaded by more than a million iPhone users and 8 million Android users. In total, 17 infected apps were found in the Apple App Store, and 42 apps in the Google Play Store. If you have any of these apps on your phone or tablet, check out our guide on how to remove malware from your iPhone and Android device below.
The 17 iPhone Apps with Trojan Malware
The threat research team at Wandera, a mobile security company, found clicker Trojan malware in 17 popular apps on the App Store. The infected apps include RTO Vehicle Information, Daily Fitness – Yoga Poses, Restaurant Finder – Find Food, and more.
These apps can slow down the user’s phone and cause their battery to drain faster. A full list of the apps can be found in Wandera’s report. The apps were published by AppAspect Technologies, an app developer based in India.
Trojan malware is named after the wooden horse that the Greeks hid inside to enter the city of Troy. Like the legendary horse, malware is hidden in software to gain entry to the user’s system.
The clicker Trojan malware was designed to conduct an ad-fraud campaign. The software opens certain webpages (usually advertisements) in the background of a phone, without the users ever being aware. This gives a fake surge in the number of visitors to a website, so the hackers can rack up revenue from pay-per-click activity. This can also be done to cripple a competitor’s budget by showing an exaggerate balance on the ad network.
The apps were able to bypass the Apple review process by using a command and control (C&C) server. They communicated over the network using a strong algorithm granting access to authorized users only. Malicious code was not embedded in the apps themselves, but it was introduced into phones through a server. The C&C infrastructure acts as a backdoor for the app. It looks for and exploits vulnerabilities in the user’s phone or activates additional code hidden in the original app.
To date, Apple has removed all the apps except My Train Info – IRCTC & PNR and Easy Contacts Backup Manager. Wandera is continuing to monitor these two apps.
The 42 Malware Infected Apps in Google Play Store
Slovakian internet security company ESET reported that the 42 infected apps from the Google Play Store were installed by 8 million users. According to the ESET report, these apps include Video Downloader Master, SaveInsta, Mini Lite for Facebook, and more. Video Downloader Master is the most popular among the malicious apps, with more than 5 million downloads.
These apps have already been removed from the Google Play store. However, it is still possible to download them from third-party app stores.
Like the harmful iOS apps, these Android apps used a C&C server to bypass Google’s servers undetected. Once installed, the app will show-full screen ads at delayed intervals to avoid detection.
The developer also used other techniques to prevent suspicion from users. One of these is to hide the app icon and make a shortcut instead. When the user tries to delete the app, only the shortcut is deleted and the app continues to run in the background.
Another strategy they used was to display a Google Play Store icon on the Recent apps button when the user tries to find out which app played the ad. Yet another tactic is to include Google in the package name of the code, which makes it appear that the app is a legitimate Google service.
ESET researchers were able to track down the adware developer to a Vietnamese college student.
To take precautions against malware, researchers advise users to double-check who the developer of the app is before installing it. You should check the developer’s profile, their website, support page, and other relevant information to see if everything comes from a legitimate or professional company or developer. While there are app reviews, users must also keep in mind that there are developers who pay for fake reviews and comments.
How to Remove Malware from Your iPhone
To remove malware from your iPhone, you need to delete the infected apps. To delete an app, you can tap and hold the app for a few seconds until the icons start to jiggle. Then, tap the X button that appears in the upper-left-hand side of the app icon.
For apps that cannot be found on your home screen, go to Settings > General > iPhone Storage. Then tap on the app you want to remove.
Finally, choose Delete App. This will remove the app and all related data permanently.
If you are still having issues, check out our guide on how to reset your iPhone.
How to Remove Malware from Your Android Phone
To delete apps in any Android device, open the Google Play Store app and tap the three-line menu icon in the search bar. Then go to My apps & games, tap on the Installed tab, and choose the app.
Finally, tap Uninstall to remove the app with malware from your Android phone fully.
To remove apps running in the background, go to Settings > Apps on a basic Android device or Settings>Applications>Application Manager on a Samsung Galaxy phone. Choose the app you would like to delete, then tap Uninstall.