Cybercriminals are constantly coming up with more elaborate ways to gain access to user data and now they have found a new way to do so through the Mac App Store according to a post on Malwarebytes' forum.
A developer by the name of Trend Micro Inc. which has several apps, including Dr. Unarchiver, Dr. Cleaner and others, on the Mac App Store has been caught stealing and uploading users' browsing history.
The apps are able to gain access to a users' browsing history by requesting access to the home directory on macOS. Once a user gives one of Trend Micro Inc.'s apps permission to access the home directory, the app will collect information about the other apps installed on the system as well as a user's browsing history from Safari, Google Chrome and Firefox, which it puts in a zip file and uploads to the developer's servers.
For example, the Dr. Unarchiver app gives users the option to “Quick Clean Junk Files” and once they select “Scan”, the app launches an open dialogue with the home directory selected. The average user would not see this as out of place but it is how the app is able to gain access to their system and share their data with the developer without their knowledge.
Trend Micro Inc.'s apps have since been removed from the Mac App Store but the fact that Dr. Unarchiver almost made it into the top ten most popular free apps on the US store highlights the serious security threat that the app and others like it pose to consumers.
If an app requests access to the home directory of your Mac devices, it is highly recommended that you think twice before potentially giving it access to your entire system.
Image Credit: Apple