Security researchers said that a malware strain named Golduck, which was already on Google Play, is now in the App Store. “Detected in 14 apps, this malware still remains in constant communication with a harmful server,” said Wandera, a security research firm.
Wandera, an enterprise security firm, said it found 14 apps — all retro-style games — that were communicating with the same command and control server used by the Golduck malware.
“The [Golduck] domain was on a watchlist we established due to its use in distributing a specific strain of Android malware in the past,” said Michael Covington, Wandera’s vice-president of product. “When we started seeing communication between iOS devices and the known malware domain, we investigated further.”
The apps include:
- Commando Metal: Classic Contra,
- Super Pentron Adventure: Super Hard,
- Classic Tank vs Super Bomber,
- Super Adventure of Maritron,
- Roy Adventure Troll Game,
- Trap Dungeons: Super Adventure,
- Bounce Classic Legend,
- Block Game,
- Classic Bomber: Super Legend,
- Brain It On: Stickman Physics,
- Bomber Game: Classic Bomberman,
- Classic Brick – Retro Block,
- The Climber Brick, and
- Chicken Shoot Galaxy Invaders.
Golduck communicates with the malicious server through the ad sections of the games and sends some information about the phone (IP address, phone model information, which application, etc.) to that server.
At the moment, the harm is limited to sending information to the server, but in the coming period it could apply methods such as sending paid messages, as on Android devices.
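The watchlist check Covington describes, sketched as an added example (not Wandera's code and not from the article): it matches hosts in proxy logs against a domain watchlist and lists the apps that reach a listed domain from a platform other than the one it was listed for. The domain, log format, bundle IDs and function names are constructed placeholders, since the article does not give them.

```python
from collections import defaultdict

# Placeholder domain (the article does not name it) -> platform it was listed for.
WATCHLIST = {"golduck-c2.example": "android"}

# Constructed proxy log lines: timestamp device platform app_bundle_id host
SAMPLE_LOG = """\
2019-01-04T10:00:01Z dev-01 ios com.example.retrotank ads.golduck-c2.example
2019-01-04T10:00:07Z dev-02 ios com.example.brickgame golduck-c2.example
2019-01-04T10:01:12Z dev-02 ios com.example.mail imap.mail.example
2019-01-04T10:02:30Z dev-03 android com.example.oldgame golduck-c2.example
2019-01-04T10:03:00Z dev-01 ios com.example.retrotank notgolduck-c2.example
malformed line
"""


def watchlisted_domain(host, watchlist=WATCHLIST):
    """Return the watchlist entry that host equals or is a subdomain of, else None."""
    labels = host.lower().rstrip(".").split(".")
    # Compare whole DNS labels so "notgolduck-c2.example" does not match.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in watchlist:
            return candidate
    return None


def pivot(log_text, watchlist=WATCHLIST):
    """Group watchlist hits as domain -> platform -> set of app bundle IDs."""
    hits = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:
            continue  # skip malformed records
        _ts, _device, platform, app, host = fields
        domain = watchlisted_domain(host, watchlist)
        if domain:
            hits[domain][platform.lower()].add(app)
    return hits


def unexpected_platform_apps(hits, watchlist=WATCHLIST):
    """Apps reaching a listed domain from a platform it was not listed for."""
    return {
        domain: sorted(app for plat, apps in by_plat.items()
                       if plat != watchlist[domain] for app in apps)
        for domain, by_plat in hits.items()
    }
```

Calling `unexpected_platform_apps(pivot(SAMPLE_LOG))` on the constructed log returns the two iOS bundle IDs, which is the list an analyst would then take to app-level investigation.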