Posts

Showing posts from 2017

YES!!! TrendMicro - Dr. Antivirus is using ABUSIVE apps to deceive Mac users

There is a strong connection between TrendMicro and the Open Any File developer. TrendMicro had even allowed this developer access to their servers. The problem is that OpenFile is sending data about your Mac system, paths, and what exactly you are doing to TrendMicro servers. Nothing in any user agreement specifies this practice, and it breaks user privacy. Another thing identified is that OpenFile uploads a zip file when you want to open unknown files. The zip file is password protected, which makes me wonder why you would password protect some statistical data. I have strong reasons to believe that the zip archive contains the file you want to open, which is nothing more than DATA EXFILTRATION. During the examination, I noticed that OpenFile and Trend are receiving commands from their servers precisely the way a C2C does. All these facts are enough to conclude that TrendMicro is ABUSING the end user and must...

TrendMicro going Rogue? Dr. Antivirus AppStore promoted by malware application

Another day after Christmas, and I found another application abusing the Apple AppStore system and end users. The application name is Open Any Files: RAR Support. The app acts like malware, abusing the Mac and AppStore system to gain downloads and promote another app.

1. The file extensions system is abused
2. The developer is fake reviewing this app to defraud the Apple AppStore system and trick Mac users into downloading it

1. The file extensions system was created by Apple for developers for ONLY one reason. For example, if you code an application that can open a PDF file, you can add a rule to the Info.plist file telling the macOS system to register your application as the opener for PDF files. The developer of Open Any Files is abusing this feature by adding a large set of extensions to the Info.plist file, tricking the macOS system into treating this app as able to open these kinds of files. Why do it? Because when you download a file from the internet, and you don't have ...

WatchOut: Fake Antivirus Zap sold on Mac AppStore

PoC Video: https://youtu.be/GRqDU9Xo7Pc

This video is just a PoC (Proof of Concept) of how AppStore developers are making money by abusing Apple users' lack of experience. In this video, we will discuss Antivirus Zap. This application caught my attention because of the high volume of 5-star reviews. After a little research, I found out that this application was developed by a company called Voros Innovation. This company does not have anything to do with cybersecurity, nor with malware research or malware analysis, which made me ask myself how genuine the product they sell is. I fired up a new clean VMware machine to see what this application can do.

- I completed a full scan of the virtual machine, which came back clean.
- Opened Safari and browsed to the MacKeeper website, in the hope that the antivirus has some active protection. Nothing was present.
- I did another scan, and surprisingly, the application flagged as "adwar...