Apple removes a top paid utility app that stole data and sent it back to China

Apple just removed its number one paid utility in the Mac App Store, Adware Doctor, after it was found to be secretly recording users’ app data and browser history and sending it back to a server located in China, as spotted by 9to5Mac http://gsul.me/cKHg .

Apple was notified a month ago by a security researcher, but it only removed the app today. From looks alone, the app appeared legit, with plenty of five-star ratings and approval from Apple. It was listed alongside vetted apps like Final Cut Pro and Logic Pro X.

Adware Doctor was supposed to scan Mac computers for malware and remove suspicious files. It originally pretended to be a dupe of Malwarebytes’ Adware Medic app, and Apple removed it from the App Store until it changed its name to Doctor to bypass the exact name copy.

Adware Doctor disguises its universal access request as a malware scan in order to access data from other apps and running processes. It likely is able to bypass sandboxing and access processes by copying Apple’s code found in its technical Q&A for retrieving a list of all processes. By these means, it can read all your browser history and remember apps you’ve downloaded.