{"id":49111,"date":"2023-09-29T08:26:04","date_gmt":"2023-09-29T12:26:04","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=49111"},"modified":"2023-09-29T08:26:04","modified_gmt":"2023-09-29T12:26:04","slug":"dangerous-apps-in-app-store","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/dangerous-apps-in-app-store\/49111\/","title":{"rendered":"Dangerous investments: App Store scammers"},"content":{"rendered":"

Apple\u2019s App Store is considered a reliable platform for downloading apps. So much so, in fact, that users often assume there\u2019s no danger at all: what could possibly be wrong with an app that\u2019s been moderated by Apple? App Store verification is indeed effective, and news about malicious or phishing apps on the platform is uncommon.<\/p>\n

All the same, malware creators do occasionally sneak under the App Store\u2019s radar. This post examines three fraudulent apps we\u2019ve found in the official Apple store, and what precautions you can take to avoid a financial hit.<\/p>\n

Scam apps in the App Store<\/h2>\n

The three we\u2019ve found all share a common theme: investment. If the descriptions are to be believed, two are for tracking the current value of cryptocurrency assets. The third seems to be some kind of investment game, which, I quote, \u201cplunges you into the world of financial decisions, making you feel like a real office worker. You will have to make complex financial decisions that will affect your character\u2019s mood and the state of their wallet\u201d.<\/p>\n

\"Scam<\/a>

Scam apps we\u2019ve found in the App Store<\/p><\/div>\n

When the user opens any of these apps almost anywhere in the world, the program, having checked the location by IP address, shows what was promised in the description: either a simple app for tracking cryptocurrencies, or a mini-game with multiple-choice questions.<\/p>\n

But if the user is in Russia, however, the app downloads far less innocuous phishing content. First, the victim is promised a decent income of at least $1000 a month. What\u2019s more, you can start investing supposedly with small amounts \u2014 \u201cfrom $110\u201d \u2014 and expect your first profit \u201cin just a few days\u201d; access to the platform is, of course, free.<\/p>\n

The promises of fabulous riches are followed by a rather long and detailed questionnaire. The scammers\u2019 aim here is to get you to \u201cinvest\u201d a certain amount of time and effort in the process; this is so that, come the key stage of the scam, the victim will be reluctant to give up that investment.<\/p>\n

The culmination is a form asking for your first name, surname, and phone number so that \u201can investment platform specialist can be in touch\u201d. Once the contact information is sent, the phishers promise to call you shortly.<\/p>\n

And they\u2019re true to their word. According to user reviews in the App Store, during the phone call with the \u201cspecialist\u201d, the hapless user is persuaded to \u201cinvest\u201d a certain amount in a highly dubious financial project. The outcome isn\u2019t hard to predict: the fantastic payback never materializes, and the victim\u2019s investment disappears.<\/p>\n

Although user reviews of all three malicious apps warn about fraud, only when we reported them did the App Store moderators sit up and take notice. At the time of posting, all three apps have been removed from the App Store.<\/p>\n

But how did they even get there in the first place? We can\u2019t give a definite answer, of course \u2014 only Apple itself can do so after a thorough investigation. We can only assume that when the apps were being moderated, they only displayed harmless content since they were designed to download the phishing questionnaire from the internet as a regular HTML page. And then, after the apps had been approved and placed in Apple\u2019s official store, the scammers modified the uploaded content.<\/p>\n

How to stay safe<\/h2>\n

The iOS architecture is built to keep user apps as isolated as possible from the rest of a device\u2019s system and also user data. Because of this, there\u2019s no way to create a \u201cclassic\u201d antivirus for iOS: it simply won\u2019t have the necessary access to other programs and data running in the system. Apple works on the assumption that App Store moderation protects against malicious apps such as these. But, as we now see, its safeguards can be bypassed by substituting uploaded content with phishing once the app is approved. And because the App Store currently hosts around two million apps, the moderators simply don\u2019t have time to respond quickly to user complaints.<\/p>\n

Therefore, the next line of defense becomes all-important. Kaspersky: VPN & Antivirus<\/a> for iOS with Plus and Premium subscriptions analyzes traffic and promptly detects attempts to open phishing sites on your device. Dangerous pages get blocked straight away and a warning is displayed.<\/p>\n

\"How<\/a>

Here\u2019s how Kaspersky: VPN & Antivirus for iOS responds to an attempt by a scam app in the App Store to download phishing content<\/p><\/div>\n

And although all the scam apps we found this time around singled out users in Russia, the same technologies could just as well be used to target any audience in any country in the world \u2014 the only question is when. So, as you can see, iOS needs protection<\/a> just as much as Android<\/a>.<\/p>\n\n","protected":false},"excerpt":{"rendered":"

We\u2019ve found several scam investment-apps in the App Store that dupe users out of personal information.<\/p>\n","protected":false},"author":2749,"featured_media":49120,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1788,2683],"tags":[2329,14,109,2640,1161,80,4352,1250,726],"class_list":{"0":"post-49111","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-privacy","8":"category-threats","9":"tag-app-store","10":"tag-apple","11":"tag-apps","12":"tag-cryptocurrencies","13":"tag-finance","14":"tag-fraud","15":"tag-investments","16":"tag-ios","17":"tag-scam"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/dangerous-apps-in-app-store\/49111\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/dangerous-apps-in-app-store\/26298\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/dangerous-apps-in-app-store\/21731\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/dangerous-apps-in-app-store\/28975\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/dangerous-apps-in-app-store\/26582\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/dangerous-apps-in-app-store\/36177\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/dangerous-apps-in-app-store\/26860\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/dangerous-apps-in-app-store\/32581\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/dangerous-apps-in-app-store\/32239\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/ios\/","name":"iOS"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/49111","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/2749"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=49111"}],"version-history":[{"count":6,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/49111\/revisions"}],"predecessor-version":[{"id":49122,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/49111\/revisions\/49122"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/49120"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=49111"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=49111"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=49111"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}