Fake applications on “iOS” promise fitness tracking, but actually steal money, warns ESET.
ESET warns users of “iOS devices” to be careful: many applications have been identified that supposedly help track physical fitness while actually abusing Apple’s “Touch ID” to steal money.
Among the many applications that help users lead a healthier lifestyle, the “Fitness Balance” and “Calories Tracker” apps promised BMI calculation, daily calorie tracking, or reminders to drink more water. However, these applications come at an unexpectedly heavy price, according to Reddit users.
The first time a user launches one of these two applications, they are asked to scan their fingerprint for “personalized recommendations for calorie and nutrition monitoring” (Figure 1).
Figure 1 – Flawed apps in the Apple App Store ask users to scan their fingerprints
(Image Source: Reddit)
Then, a pop-up window asking for $99.99, $119.99 or €139.99 (Figure 2) is displayed, supposedly to let the user continue using the application. This pop-up window appears for only about a second. However, if the user has a credit or debit card directly linked to their Apple account, the transaction is verified and the money is transferred.
Figure 2 – Popup window asking for payment in “Fitness Balance” and “Calories Tracker”
(Image Source: Reddit)
If users refuse to scan their fingerprint in the “Fitness Balance” application, another pop-up window appears asking them to press the “Continue” button before they can use the application. If they comply, the app tries again to trigger the aggressive payment process.
Despite its malicious nature, the “Fitness Balance” application received many 5-star ratings, averaged 4.3 stars and received at least 18 positive reviews. Posting fake positive ratings is a well-known technique used by fraudsters to improve the reputation of their applications.
Victims have already reported both apps to Apple, which led to their removal from the store. Users even attempted to contact the developer of “Fitness Balance” directly, but received only a generic answer promising to correct the reported “issues” in the upcoming version 1.1. Judging by their interface and functionality, both applications were probably created by the same developer. Users have also posted a video of the “Fitness Balance” and “Calories Tracker” applications on Reddit.
Since Apple does not allow security solutions in the “App Store”, users must rely on Apple’s security measures. In addition, ESET advises users to always read the ratings of other users. Since many positive comments are fake, negative reviews are more likely to reveal the true nature of the application.
Users of the “iPhone X” can also activate an additional function called “Double Click to Pay”, which requires a double click on the side button to verify a payment. Users who have already fallen victim to this fraud can also try to claim a refund from the “Apple App Store”.