12 most popular free app in the US Mac App Store. All of this information is collected upon launching the app, which then creates a zip file and uploads it to the developer’s servers.The certificate issued for the domain drcleaner.com is registered as Trend Micro, Inc.“Dr. Collect … the user’s browser history from Safari, Google Chrome and Firefox … separate files specifically dedicated to storing the user’s recent Google searches information about other apps installed on the system … including information about where they were downloaded from, whether they are 64-bit compatible and their code signature. Apps distributed by … Trend Micro, Inc., which include Dr. Not to mention: Top 5 DJ Mistakes … Anti-malware apps were … malware?What’s the craic? Guilherme Rambo can’t quite believe his eyes: Mac App Store apps caught stealing and uploading browser history: When you give an app access to your home directory on macOS, even if it’s an app from the Mac App Store, you should think twice. But how on earth could it happen? In this week’s Security Blogwatch, we’re bang on Trend.Your humble blogwatcher curated these bloggy bits for your entertainment.… We found that the drcleanercom website was being used to promote these apps. There is really no good reason for a “cleaning” app to be collecting this kind of user data, even if the users were informed. Cleaner … We observed the same data being collected … minus the list of installed applications. … There was nothing in the app to inform the user about this data collection, and there was no way to opt out.Dr. Antivirus … we observed the same pattern of data exfiltration as seen in Open Any Files it also contained an interesting file named app.plist, which contained detailed information about every application found on the system. It was uploading a file update.appletuner.trendmicro.com browsing and search history.Dr.
And why wouldn't you?It's tempting to wonder if Apple's 30% cut of each sale of this massively popular app has lead to such egregious inaction. This after the Keynote at WWDC 2018 pronounced:“We believe that your private data should remain private … and we think you should be in control of who sees it.”Can the App Store survive? … Haven’t users finally lost faith in its bland assurance that its apps are screened and checked by Apple, and are ‘safe’?How many others in the store might prove similarly malicious? … The App Store remains a big problem for Apple, and until it addresses these problems will continue to tarnish the whole brand.What was it that Tim Cook said about privacy-violation being the “ equivalent of cancer”? Patrick Wardle calls this type of behavior deceitful: You probably trust applications in the Official Mac App Store. There’s no sort of quality control, it’s well nigh impossible to navigate, and frankly an embarrassment to a premium brand like Apple.I am stunned that Apple … is continuing to sell or give away … four products security researchers have demonstrated break Apple’s own rules, and grossly abuse the user’s privacy. Task manager for mac os x… We have completed the removal of browser collection features across our consumer products in question. … The browser history data was uploaded to a U.S.-based server.We apologize to our community for concern they might have felt and can reassure all that their data is safe and at no point was compromised. This was … done for security purposes (to analyze whether a user had recently encountered adware or other threats).The potential collection and use of browser history data was explicitly disclosed accepted by users for each product at installation. Battery, and Duplicate Finder collected and uploaded a small snapshot of the browser history on a one-time basis, covering the 24 hours prior to installation. Address Book Cleaner Mac OS X AppsNeed to suffer for this.So if I read that right, it's a one time collection that is absolutely required by the product except that they can just remove that "feature" from the product. What happens now to cases where users have issued a GDPR request for their data?Is it time for an epic Twitter rant? Gary Williams— When security companies breach user trust, something is seriously wrong. Most of their Mac OS X apps have been kicked out by Apple after it was discovered they were collecting and sending out private information.In an update, Trend announces that they have today permanently deleted the data they had collected from the users systems. To that end, we are currently reviewing and re-verifying the user disclosure, consent processes and posted materials for all Trend Micro products.Wow! From aggressive denial, through sorry-not-sorry “apology,” to full-on mea culpa in 48 hours? Mikko Hypponen never sleeps: Bad day for Trend Micro. … This incident has highlighted an opportunity for further improvement. … This has been corrected.We’ve always aimed for full transparency. :)And Hank Nussbacher calls it old news: Back in 2013 I discovered that Trendmicro anti-spam hashserver was exfiltrating data via DNS like: xxxxxxxx.yyyyy.hashserver.cs.trendmicro.comMeanwhile, this Anonymous Coward isn’t surprised to see an anti-malware company pushing spyware: Anti-virus vendors are the source of the majority of the world's computer viruses. So they definitely know what you're browsing.And attackers know what AV you're using. So if you receive a link to confidential information, for example your salary slip or an Excel with your customers that is not protected with authentication but only protected with a session key in the URL they have full access to the data.And this was confirmed by the Belgian journalist Mark Koek’s words: what they also do is visit the webpage itself.We see it on phishing tests — if a victim uses Trend Micro, there's a quick hit from TM on our phishing page. What other "minor configuration" issues do they have on their sites? in their databases and so on? litany of issues.Companies need to consider adding IT folk with security knowledge to the board.But isn’t this just a one-off issue? Erwin Geirnaert and friends think not: In 2013 … what we found is … Trend Micro scans any webpage you visit in their datacenter, including protected pages like Dropbox links, financial pages.They also download the entire page. … For a company that is supposedly a security company, this is inexcusable. And never assume a “curated” App Store will protect you from malware.
0 Comments
Leave a Reply. |
AuthorApril ArchivesCategories |