Security Affairs

Apple removed the popular app Adware Doctor because it steals user browsing history


Apple has removed one of the most popular anti-malware apps, Adware Doctor: Anti Malware & Ad, from the official macOS App Store

Apple has removed one of the most popular anti-malware apps, Adware Doctor: Anti Malware & Ad, from the official macOS App Store because it was gathering users’ browser histories and other sensitive data and uploading them to a remote server in China.

Adware Doctor was the top paid utility in the official Mac App Store; it had a good reputation, with thousands of reviews and a 4.8-star rating.

Ironically, an application developed to protect Mac systems was exposing users’ personal data without their permission.

The unwanted behavior was spotted by a security researcher who goes by the Twitter handle Privacy 1st. He discovered that Adware Doctor would gather browsing history from the Safari, Chrome, and Firefox browsers, the search history of the App Store, and a list of running processes.

The expert also discovered that the gathered info was first stored in a password-protected zip file named “history.zip”, which was then uploaded to a remote server.

Privacy 1st shared his discovery with the former NSA white hat hacker Patrick Wardle, who confirmed the researcher’s findings after conducting his own review.

Below is a video created by Privacy_1st to show his findings.

By redirecting DNS resolution, Patrick Wardle was able to capture the exfiltrated data:

The history.zip file is exfiltrated to the remote host dscan.yelabapp.com, which is hosted on Amazon AWS servers, but analysis of the DNS entries confirms that it is administered by an entity in China.

The app was developed by an individual identified as “Yongming Zhang.” Wardle speculated that this may be a reference to “Zhang Yongming,” a Chinese serial killer.

Thomas Reed, director of Mac and mobile security at Malwarebytes, noted that his firm has been monitoring this developer’s activity since 2015.

“At that time, we discovered an app on the App Store named Adware Medic – a direct rip-off of my own highly-successful app of the same name, which became Malwarebytes for Mac,” Reed wrote.

“We immediately began detecting this, and contacted Apple about removing the app. It was eventually removed, but was replaced soon after by an identical app named Adware Doctor.”

Reed confirmed that a similar data exfiltration methodology was observed in other products as well (i.e. “Open Any Files: RAR Support”, “Dr. Antivirus”, and “Dr. Cleaner”).

Unfortunately, Apple is allowing this kind of dubious behavior and is also allowing similar app names that could confuse users.

“If Apple is really “review[ing] each app before it’s accepted by the store” … how were these grave (and obvious) violations of this application missed!?” Wardle states in his blog post. “Who knows, and maybe this one just slipped through. Maybe we should give them the benefit of the doubt, as yes we all make mistakes! But this brings us to the next point. Apple also claims that “if there’s ever a problem with an app, Apple can quickly remove it from the store”. Maybe the key word here is “can”.”


Pierluigi Paganini

(Security Affairs – Adware Doctor, malware)
