If you allow application access to the MacOS home directory, even if it is a Mac App Store application, you have to think twice about it. It seems that we are watching the trend of the Mac App Store application, and seems to be giving the user access to the user's home directory, such as virus scan and cache cleanup. Browsing history – to the analysis server.
Today, we are talking specifically about applications distributed by "Trend Micro, Inc." including Dr. Unarchiver, Dr. Cleaner and others. This problem was previously reported by users on the Malwarebytes forum and other reports. Other researchers followed Applications distributed by "Trend Micro, Inc." on the Mac App Store were found to collect user's browser history and upload it from Safari, Google Chrome, Firefox to the server. In addition, information on other applications installed in the system will also be collected. All this information is gathered at application launch, a zip file is created and uploaded to the developer's server.
At least I could see these reports in the Dr. Unarchiver application. After unpacking the zip file with this application, we provided the option of "Clean Clean Junk File". When "Scan" is selected, the open dialog in which the home directory is selected is displayed, and the application accesses the user's home directory necessary for collecting the history file from the browser. After allowing access to the home directory, the application collected private data and uploaded it to the server (blocked with proxy). Scroll down to see the screenshot.
Examining the archive of the application and the upload file to that server is complete …