One of the Top paid Apple’s Mac store App “Adware Doctor” spying the Mac users and steal the Users browsers history from the Safari browser.
Apple always claimed that the safest place to download apps for your Mac is the “Mac App Store” but this malicious activities of the most famous paid app leads to rising a lot of question against the Apple Privacy statement.
Adware Doctor was supposed to scan Mac computers for malware and remove suspicious files and Adware Doctor claims to be the “best app” to remove a variety of common adware threats which target Mac users.
Adware Doctor is one of the Top rated App and it was listed in the official Apple Website which is sitting among the top 4 App.
This App listed under ” Top paid utilities” which could cost $4.99 and the detailed analysis showed that this app is developed by Chinese application’s developer, “Yongming Zhang”
Apart from that, This app initially posed as Adware medic and its owned by Malwarebytes which leads to pullout but it came back to the store when it changes its name as Adware Doctor.
Adware Doctor Stealing Sensitive User Data Operation
Many of the users reported to Apple regarding this unusual behavior but Apple doesn’t care much and one of the recent tweet state that, Top Sold MacOS AppStore application is ROGUE. Adware Doctor is stealing your privacy.
Top Sold MacOS AppStore application is ROGUE. Adware Doctor is stealing your privacy. PoC: https://t.co/LmveX593q0#malware #virus #MacOS #Apple #MacBook #MacBookPro #CyberSecurity #privacy #GDPR #Hacking #hackers #cyberpunk #Alert
— Alex Kleber a.k.a Privacy 1st (@privacyis1st) August 20, 2018
Above Tweet that posted along with POC demonstrate that Adware Doctor collecting and stealthily exfiltrating a variety of sensitive user data including browser history.
Researchers performed an in-depth analysis using process monitor and retrieve the zip utility file to create a password-protected archive history.zip that was being uploaded to the Chinese server.
Adware Doctor.44148 open ~/Library/Containers/com.yelab.Browser-Sweeper/Data/Library /Application Support/com.yelab.Browser-Sweeper/history.zip
According to objective-see, By editing the system’s /etc/hosts file we can redirect this request to a server we control can capture what Adware Doctor is trying to upload. And what do you think that might be? If you guessed the history.zip file you would be correct.
Since its a password protected file, they unzip the archive, entering webtool as the password and extracted that confirmed that Adware Doctor is stealing your browser history.
Finally, Apple just removed Adware Doctor, a paid utility in the Mac App Store and the users who all are already downloaded this is strictly advised to remove from your computer in order to prevent yourself and keep your better privacy.