Apple iOS Games Found Talking to Golduck Malware C&C Servers

CyberTech

Nov 10, 2017
Even though Apple has always been especially proud of its App Store app review process, it seems that some apps which are not exactly malicious but do exhibit risky behavior escape its review team's scrutiny occasionally.

This is the case of over a dozen iOS applications found in Apple's App Store which were observed while transferring data to command-and-control servers known to have been used by the Android Golduck Loader.

Golduck Loader used as an adware distribution platform

The Golduck malware was discovered by Appthority in multiple apps distributed through the Google Play store at the end of 2017, and it was used by its authors as an adware distribution platform, with possible device compromise capabilities.

Malware loaders are usually used by their masters to build botnet networks which can be later used for various purposes, either by including them in custom multi-stage infection chains they can use to drop second-stage payloads or by selling them to other bad actors as part of Malware-as-a-service (MaaS) schemes.

Although malware loaders act as a dropper for other malware strains such as Trojans and don't come with their own data stealing or data corruption features, they can still be used by crooks as backdoors.

The apps also exfiltrated info to the Golduck C&C servers

This is what sparked the attention of Wandera's Threat Research team which found out that the apps were manifesting a similar behavior to the Android apps infected with Golduck, injecting ads in an overzealous manner to multiple areas on the app's main screen.

More information:
Apple iOS Games Found Talking to Golduck Malware C&C Servers
 