Apple Mac App 'Adware Doctor' Caught Stealing Internet Browsing Histories

A popular piece of Apple Mac software advertised as a way to remove cybersecurity threats has been stealing users' internet browsing histories, a researcher warned Thursday.

Adware Doctor, one of the top paid applications on the official Mac Store marketplace, was analyzed in detail this week by Objective-See, a research platform created by former National Security Agency staffer Patrick Wardle, who's now chief research officer at Digita Security.

The analysis built on research posted online on August 20, which raised suspicions about the software when it was found it was covertly sending files to a Chinese developer. The app remained for sale despite its having been reported as malicious weeks ago, researchers said.

According to Wardle, Adware Doctor was tapping files without users' consent, which is against Apple store regulations. Screenshots posted to a blog post on Friday showed it was seeking histories for browsers, including Chrome, Firefox and Safari. Researchers said anti-malware tools need access to files in order to work—but that Adware Doctor posed a major privacy risk.

Macbook
Requesting permission for a user’s browsing history was a “blatant violation of the user's privacy, researchers said Friday, September 7. Markus Petritz/Unsplash

According to the Mac Store, Adware Doctor was first released on December 23, 2015. It had a number of positive reviews, but experts said evidence suggested some were false.

"There is rather a massive privacy issue here," the Objective-See blog post stated. "Let's face it, your browsing history provides a glimpse into almost every aspect of your life." Little is known about the identity of the developer, who uses the name Yongming Zhang on the app store.

When Adware Doctor is loaded for the first time, it requests access to the user's home directory. This gives it "carte blanche access to all the user's files," the blog warned. "Yes, it will be able to detect and clean adware, but also collect and exfiltrate any user file it chooses."

Requesting access to a user's browsing history appeared to be a "blatant violation of the user's privacy and of course Apple's strict Mac App Store rules" the cyber researchers noted.

Apple did not immediately respond to a request for comment.

While many consumers believe that Apple devices are safe from malware, especially when compared with the competition, security experts warned this was not always the case.

This year, Malwarebytes, a California cybersecurity company, published a report showing a slew of threats that specifically targeted the Mac operating system. "Users are often told that they don't need antivirus software because there are no Mac viruses," it said. "However, this is not true at all, as Macs are affected by malware, and have been for most of their existence."

Objective-See said Apple should pull Adware Doctor from sale and refund the customers who bought it.

"This was reported to Cupertino through official channels a month ago, the app remains in the Mac App Store even today!" the blog post said. "Though we'll never get our browser history back, recovering our hard-earned money would be a start! Your move Apple."