Wandera, an enterprise mobile security and data management company, said that it was able to find 14 gaming apps capable of creating backdoor access on iPhones. The apps are said to be linked to the Golduck malware.
Golduck is a year-old malware. Prior to this latest discovery, it was known to work through classic and retro Android gaming apps. For over a year, Golduck sought to plant backdoor channels that would allow it to surreptitiously upload malicious payloads to Android phones.
The malware managed to infect more than 10 million devices. The compromise allows the hackers to run commands at the highest privileges.
Now researchers at Wandera are saying that they have spotted 14 iPhone retro-style gaming apps communicating with a server linked to Golduck. The team was able to spot the exchanges with the Golduck-associated domain because that domain was already on its watchlist.
It’s Benign (for Now)
The researchers said that, so far, the transmissions seem relatively benign: the command-and-control server has simply been placing linked icons in the corner of the infected apps.
The team did observe, however, that the apps were sending IP addresses and location data back to the server and expressed their concern that the channel could still be used to transmit malicious elements if the people in control of the server choose to do so.
The hackers could, for instance, use the ad space and insert a link that leads users to install a provisioning profile or a new certificate that would allow for a more malicious app to be installed.
TechCrunch and data insights firm Sensor Tower have found that the apps had been installed close to one million times since they were released. Apple did not reply when TechCrunch reached out to it for comment.