#I remove dr cleaner from my mac software#
It could be argued that it is useful for antivirus software to collect certain limited browsing history leading up to a malware/webpage detection and blocking. (See a short excerpt from the file below, showing only the information listed for Dr. In addition to the browsing history, it also contained an interesting file named app.plist, which contained detailed information about every application found on the system. This file, though, contained an interesting bonus. Worse, however, was that we observed the same pattern of data exfiltration as seen in Open Any Files! We saw the same data being collected and also uploaded in a file named file.zip to the same URL used by Open Any Files. However, even within the user folder, most of antivirus apps in the App Store don’t have a good detection rate, and this was no exception.
#I remove dr cleaner from my mac mac#
On investigating, we learned that this app, like most Mac App Store apps, is limited in what it can detect to begin with, due to restrictions imposed by the App Store. (Recently, Open Any Files stopped exfiltrating this data, but we have retained the evidence from our observations.) Dr. Antivirus, as well as a number of other apps. It is still present on the App Store.Īs we were investigating, we found it very odd that Open Any Files was promoting Dr. We reported this app to Apple in December 2017. Complete Firefox browsing and search history.Complete Chrome browsing and search history.Complete Safari browsing and search history.It was uploading a file named file.zip to the following URL: /1/upload/search_keywords/ It turned out that this app’s behavior was very similar to the current behavior of Adware Doctor. This seemed like an abuse of an affiliate program for that product. Interestingly, this software was designed to promote a what appeared to be a mainstream antivirus product. The typical behavior is that, when the user opens an unfamiliar file, this app (and others like it) opens and promotes some antivirus software for scanning the file or the computer, often telling the user that they might be unable to open the file because they are infected. We’ve seen a number of different scam applications like this, which hijack the system’s functionality for handling documents that the user does not have an appropriate app to open, as a means for advertising other products…most often scams. This app came onto our radar late last year. We’ve continued to fight against this app, as well as others made by the same developer, and it has been taken down several times now, but in a continued failure of Apple’s review process, is always replaced by a new version before long. It was eventually removed, but was replaced soon after by an identical app named Adware Doctor. We immediately began detecting this, and contacted Apple about removing the app. At that time, we discovered an app on the App Store named Adware Medic-a direct rip-off of my own highly-successful app of the same name, which became Malwarebytes for Mac. The developer of this app is one that we at Malwarebytes have had our eye on since 2015. The developers found a loophole that allowed them to access that data despite Apple’s restrictions. In the case of the list of running processes, the app had to work around blockages that Apple has in place to prevent such apps from accessing that data.
Most of this is data that App Store apps should not be accessing, much less exfiltrating. A list of software that you have downloaded and from where.Patrick Wardle has recently posted an article detailing the misbehavior of an app named Adware Doctor, which is exfiltrating the following data: (This is referred to as exfiltrating the data.) Some of this data is actually being sent to Chinese servers, which may not be subject to the same stringent requirements around storage and protection of personally identifiable information like organizations based in the US or EU. Several security researchers have independently found different apps that are collecting sensitive user data and uploading it to servers controlled by the developer. There is a concerning trend lately in the Mac App Store.
0 kommentar(er)
