01/07/2019

Photo via Twitter Researchers from security firm Wandera have discovered 14 iPhone games that communicated with a server that became infamous for controlling the Golduck malware for Android.

The researchers said the iPhone apps were loaded with ads, which could have duped users into tapping a link and granting permission for malware installed outside the App Store.

"The apps themselves are technically not compromised; while they do not contain any malicious code, the backdoor they open presents a risk for exposure that our customers do not want to take," Wandera told TechCrunch.

"A hacker could easily use the secondary advertisement space to display a link that redirects the user and dupes them into installing a provisioning profile or a new certificate that ultimately allows for a more malicious app to be installed."

Downloaded roughly a million times

Collectively, the apps in question have been downloaded around a million times. However, Apple has now removed them from the App Store. Those who attempt to download them will get a message that says, “not currently available in the US store.”

While this prevents unique users from downloading the apps, some iPhone owners may still have the apps on their device. Here are the 14 different retro games that were recently dubbed risky by Wandera’s Threat Research team:

Commando Metal: Classic Contra

Super Pentron Adventure: Super Hard

Classic Tank vs Super Bomber

Super Adventure of Maritron

Roy Adventure Troll Game

Trap Dungeons: Super Adventure

Bounce Classic Legend

Block Game

Classic Bomber: Super Legend

Brain It On: Stickman Physics

Bomber Game: Classic Bomberman

Classic Brick - Retro Block

The Climber Brick

Chicken Shoot Galaxy Invaders

“Wandera researchers identified regular communication between the various apps and a Golduck Command & Control server,” the firm said. “Our security researchers discovered a secondary area being used to display ads that are not powered by Admob and instead, present content from a known malicious server.”