iPhone apps found to be linked to a known-to-be-malicious server

iphone apps linked to golduck

A few iPhone apps may be communicating with a server associated with an Android-focused malware, called Golduck. The malware, known about for over a year, is known to affect popular classic game apps on Android.

The malicious software, at that time, affected more than 10 million users by embedding backdoor code that allowed malicious payloads to be silently pushed to the device. The malware basically gave hackers privileges which allowed them to send premium messages and earn money.

Wandera, an enterprise cybersecurity firm found 14 iPhone apps – all retro-style games like Classic Brick, Brain It On, Commando Metal, etc. – “to be covertly communicating with a server used by Golduck.” On further investigation, the firm also found out that the affected apps sent back IP address data and location data in some cases, back to Golduck servers. 

“The [Golduck] domain was on a watch list we established due to its use in distributing a specific strain of Android malware in the past,” said Michael Covington, Wandera’s vice-president of product. Upon further investigating the firm’s claim, a popular news website discovered that the apps sent back information like app data, device type, ads displayed and IP address of the device.

As of now, the command and control server simply pushes a list of icons to the app, said the researchers. However, down the line, the communication between the app and the server could open up the app and the device to malicious commands, they added.