So yes will be able to detect and clean adware, but also collect and exfiltrate any user file, it so chooses!"Īccording to the technical process outlined in Wardle's post, Adware Doctor escapes Apple's app sandbox and calls processes tied to popular web browsers including Safari, Chrome and Firefox, and then compresses history data into a ZIP archive, which is then uploaded to the server via a call to the sendPostRequestWithSuffix method for exfiltration. "However, once the user has clicked Allow since Adware Doctor requested permission to the user's home directory, it will have carte blanche access to all the user's files. "Now, an anti-malware or anti-adware tool is going to need legitimate access to user's files and directories-for example, to scan them for malicious code," Wardle explains. To do this, Adware Doctor bypasses Apple Mac App Store sandbox restrictions to be able to access, copy and upload user files from the Mac computer it is installed on. The researcher then investigated Adware Doctor with ex-NSA staffer Patrick Wardle, who deep dive into the app and today published a blog post, saying that the app sidesteps Apple's sandbox and covertly collects users' browser histories and then transfers it to a server in China-which is blatant violations of Apple's developer guidelines.Īccording to Wardle, Adware Doctor collects sensitive users' data-primarily any website you've visited or searched for-from all the popular web browsers including Chrome, Firefox, and Safari, and then sends that data to Chinese server at run by the app's makers. The researcher informed Apple about the Adware Doctor's suspicious activity during that time, but the app, from a developer named "Yongming Zhang," remained available in the Mac App Store.Īdware Doctor Sends Stolen User Data to Chinese Servers However, a security researcher with the Twitter handle detected Adware Doctor's suspicious spyware-like behavior almost a month ago and also uploaded a proof-of-concept video demonstration of how the user's browser history is exfiltrated. Join our insightful webinar! Save My Seat! Zero Trust + Deception: Learn How to Outsmart Attackers!ĭiscover how Deception can detect advanced threats, stop lateral movement, and enhance your Zero Trust strategy.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |