adware doctor

Mac’s “Adware Doctor” Caught Spying & Submitting Data!

Apple Store’s leading adware removal tool, Adware Doctor, can not only prevent malware and malicious files from infecting your Mac, but also steal browsing history and send it to a server in China, without consent. For $4.99 this app could be yours!

Adware Doctor’s Suspicious Activity

A security researcher notified Apple about Adware Doctor’s unusual activity, such as its spyware-like behavior that may be exfiltrating user’s browser history. Even after the warnings, Adware Doctor was still available by the developer, Yongming Zhang, in the Apple Store.

Against Guidelines

Another researcher, Patrick Wardle, informed people with a blog of how 

Adware Doctor is transferring your data to a server in China.  The app will collect sensitive users’ data from all websites visited (Chrome, Firefox, Safari) and sends this information to a Chinese server at  http://yelabapp.com/ run by the app’s makers.

“Now, an anti-malware or anti-adware tool is going to need legitimate access to user’s files and directories—for example, to scan them for malicious code,” Wardle explains.

Adware Doctor neglects Apple’s Mac App Store sandbox guidelines to conduct its mischievous actions of accessing, copying, and uploading user data from the Mac computer it is installed on.

“However, once the user has clicked Allow since Adware Doctor requested permission to the user’s home directory, it will have carte blanche access to all the user’s files. So yes will be able to detect and clean adware, but also collect and exfiltrate any user file, it so chooses!”

Adware Doctor collects history information into a ZIP archive, which then gets uploaded to the server via a call to the sendPostRequestWithSuffix method for exfiltrate.

Apple Store

Since this discovery, Wardle contacted Apple about month ago about this app’s spyware-like activity, but the company did nothing about it.

Wardle’s suspicions in his blog caught several different media outlets’ attention.  Only then did Apple remove Adware Doctor along with another app created by the same developer, AdBlock Master.

The Chinese server collected data from Adware Doctor is currently offline, possibly due to all the media attention the app has received.  Those who already downloaded this app should remove the app immediately.

Original Article Found Here.