A representative of the company told BleepingComputer that the company statement would be updated continuously.
Trend Micro is yet to explain the connection with shady apps from other developers and why the its products were removed from the App Store. "This was a one-time data collection, done for security purposes (to analyze whether a user had recently encountered adware or other threats, and thus to improve the product & service)," Trend Micro explains, adding that the data was uploaded to a server in the US on Amazon Web Services, not in China. Battery, and Duplicate Finder collected browser snapshots, but the behavior was disclosed in the EULAs of each product. The company says that an initial investigation confirms that Dr Cleaner, Dr Cleaner Pro, Dr.
Appstore adware cleaner mac update#
Update : Trend Micro released less than an hour ago a statement denying that its apps were stealing user data. We reached out to Trend Micro for a statement on the matter but received no reply at the time of publishing. Trend Micro's list of apps in the App Store at the time of publishing is reduced to two entries: Network Scanner (five ratings) and Dr. The apps have been reported to Apple since at mid-August and are currently removed from the Mac App Store.Īlso removed is App Uninstall ( spotted by security researcher Joshua Long), another product under Trend Micro's developer account. Unarchiver to upload user data to an external server is not singular, Privacy_1 points out.Īdware Doctor and Komros Adware Cleaner (same developer behind them), Open Any Files and Adblock Master relied on the same technique to lift the information from users.Īnother thing these apps have in common is a connection with Trend Micro and a Chinese developer. Multiple apps remove data in the same way, all from Chinese devs Also, the researcher did not have a chance to look closer into this, but from his experience with analyzing APT malware, this looks like a valid theory. It is important to note that the three apps analyzed by Privacy_1st did not exhibit data exfiltration behavior every time they launched. Observing the behavior of the apps, the researcher noticed that they received at runtime a JSON file with different codes, which suggests that the apps retrieve commands from the mother ship for data exfiltration. The final destination for the information was the domain, the researcher told us, the same as the Open Any Files app.
Appstore adware cleaner mac serial number#
The researcher says that the serial number and the version of the operating system were among the exfiltrated details. They collected browser history and data from the device that could be used for identification. Privacy_1st looked into the three apps from Trend Micro and saw that they had hardcoded strings for exfiltrating user information. IOS developer and 9to5Mac writer Guilherme Rambo found that Trend Micro's Dr.