Security researchers have found that over a dozen apps available for iOS have been infected with a malware whose primary target previously was Android devices. Golduck has been around since the last year and it used to infect retro games by silently embedding backdoor code for payload. The situation went so grave that more than 10 million users were affected by the malware.
The breach was found on 14 iOS apps by Wandera, a security enterprise firm. They found that the apps were communicating back and forth with the same server used by the malicious apps previously. According to Michael Covington, Wandera’s VP of Product:
The [Golduck] domain was on a watchlist we established due to its use in distributing a specific strain of Android malware in the past. When we started seeing communication between iOS devices and the known malware domain, we investigated further.
Given below is a list of apps affected:
- Commando Metal: Classic Contra
- Super Pentron Adventure: Super Hard
- Classic Tank vs Super Bomber
- Super Adventure of Maritron
- Roy Adventure Troll Game
- Trap Dungeons: Super Adventure
- Bounce Classic Legend
- Block Game
- Classic Bomber: Super Legend
- Brain It On: Stickman Physics
- Bomber Game: Classic Bomberman
- Classic Brick – Retro Block
- The Climber Brick
- Chicken Shoot Galaxy Invaders
Their analysis is available here in a blog post. TechCrunch also verified their claims by the running the app through a proxy on a clean iPhone to see where the data goes. It turns out, the apps do communicate with the malicious server. If you have any of the above-listed apps, you should remove them straight away to avoid any problems.