Recently, a pretty well-liked anti-malware application called “Adware Doctor” was kicked out of the Apple store after it was found to be sending data to China without the user’s permission.
The application was ostensibly a protection program that could safeguard the Mac from malicious files. With an impressive rating of 4.8 stars and more than 7000 reviews, the app was a top paid utility in the store.
Insidiously enough, the well-known application was illegitimately uploading personal user data to a remote site behind the façade of removing infections from the Mac.
Privacy 1st, a security researcher, discovered that Adware Doctor was gathering App Store search history and user data from browsers such as Safari, Chrome and Firefox.
A password-protected zip file named “history.zip” is then created to hold this information, and the file is later uploaded to a mysterious server. The researcher explained the program’s entire execution quite vividly in a video.
How the information in these zip files is used is not yet clear to anyone, but data exfiltration involving someone in China is disconcerting enough.
The programme was analysed collaboratively by Patrick Wardle and the aforementioned Privacy 1st researcher, after the researcher informed Wardle about the data exfiltration activity. Wardle later provided a detailed analysis in a blog post.
The zip file is ultimately sent to a remote host named adscan.yelabapp.com. The domain is hosted on Amazon AWS servers, but the DNS records show that the affair is actually being controlled from China.
Thomas Reed, the Malwarebytes developer, has kept a keen eye on Adware Doctor ever since 2015. Adware Doctor is actually a replacement for Adware Medic, which was a replica of a highly successful application developed by Reed himself.
These kinds of exfiltration activities had previously been seen in other programmes as well, such as “Dr. Antivirus”, “Open Any Files: RAR Support” and “Dr. Cleaner”. As a matter of fact, Reed had contacted Apple regarding the “Open Any Files” software, but in vain.
Despite Apple’s repeated attempts at keeping malicious software off its App Store, it has disappointed a lot of researchers in recent times because of its lethargic approach towards removing applications that are reported as unsafe.