Appleās App Store is considered a reliable platform for downloading apps. So much so, in fact, that users often assume thereās no danger at all: what could possibly be wrong with an app thatās been moderated by Apple? App Store verification is indeed effective, and news about malicious or phishing apps on the platform is uncommon.
All the same, malware creators do occasionally sneak under the App Storeās radar. This post examines three fraudulent apps weāve found in the official Apple store, and what precautions you can take to avoid a financial hit.
Scam apps in the App Store
The three weāve found all share a common theme: investment. If the descriptions are to be believed, two are for tracking the current value of cryptocurrency assets. The third seems to be some kind of investment game, which, I quote, āplunges you into the world of financial decisions, making you feel like a real office worker. You will have to make complex financial decisions that will affect your characterās mood and the state of their walletā.
When the user opens any of these apps almost anywhere in the world, the program, having checked the location by IP address, shows what was promised in the description: either a simple app for tracking cryptocurrencies, or a mini-game with multiple-choice questions.
But if the user is in Russia, however, the app downloads far less innocuous phishing content. First, the victim is promised a decent income of at least $1000 a month. Whatās more, you can start investing supposedly with small amounts ā āfrom $110ā ā and expect your first profit āin just a few daysā; access to the platform is, of course, free.
The promises of fabulous riches are followed by a rather long and detailed questionnaire. The scammersā aim here is to get you to āinvestā a certain amount of time and effort in the process; this is so that, come the key stage of the scam, the victim will be reluctant to give up that investment.
The culmination is a form asking for your first name, surname, and phone number so that āan investment platform specialist can be in touchā. Once the contact information is sent, the phishers promise to call you shortly.
And theyāre true to their word. According to user reviews in the App Store, during the phone call with the āspecialistā, the hapless user is persuaded to āinvestā a certain amount in a highly dubious financial project. The outcome isnāt hard to predict: the fantastic payback never materializes, and the victimās investment disappears.
Although user reviews of all three malicious apps warn about fraud, only when we reported them did the App Store moderators sit up and take notice. At the time of posting, all three apps have been removed from the App Store.
But how did they even get there in the first place? We canāt give a definite answer, of course ā only Apple itself can do so after a thorough investigation. We can only assume that when the apps were being moderated, they only displayed harmless content since they were designed to download the phishing questionnaire from the internet as a regular HTML page. And then, after the apps had been approved and placed in Appleās official store, the scammers modified the uploaded content.
How to stay safe
The iOS architecture is built to keep user apps as isolated as possible from the rest of a deviceās system and also user data. Because of this, thereās no way to create a āclassicā antivirus for iOS: it simply wonāt have the necessary access to other programs and data running in the system. Apple works on the assumption that App Store moderation protects against malicious apps such as these. But, as we now see, its safeguards can be bypassed by substituting uploaded content with phishing once the app is approved. And because the App Store currently hosts around two million apps, the moderators simply donāt have time to respond quickly to user complaints.
Therefore, the next line of defense becomes all-important. Kaspersky: VPN & Antivirus for iOS with Plus and Premium subscriptions analyzes traffic and promptly detects attempts to open phishing sites on your device. Dangerous pages get blocked straight away and a warning is displayed.
And although all the scam apps we found this time around singled out users in Russia, the same technologies could just as well be used to target any audience in any country in the world ā the only question is when. So, as you can see, iOS needs protection just as much as Android.
Source: kaspersky.com