Scam Apps in Apple Store; Criminals Rake in $800,000 per Month
Posted by: Timothy Weaver on 06/15/2017 03:40 PM
Apple has pulled one of its most popular apps, called “Mobile protection :Clean & Security VPN”, after it was found to be a scam.
The criminals were raking in $800,000 per month.
Researcher Johnny Lin investigated the app and reported: “Given the terrible title of this app (inconsistent capitalization, misplaced colon and grammatically nonsensical ‘Clean & Security VPN?’), I was sure this was a bug in the rankings algorithm,” he said in a post. “I tap into the app details to see that the developer is ‘Ngan Vo Thi Thuy’. Wait so, this is a VPN service offered by an independent developer who didn’t even bother to incorporate a company? That’s a huge red flag. So in this case, a random person who couldn’t piece together a grammatically correct title, who also didn’t bother to incorporate a company, wants access to all your internet traffic.”
Once downloaded, the app asks to run a scan. Of course, it finds problems and tells the victim that their device is at risk. It offers a "free trial", but unless you read the fine print, it will charge you $99.99 for a 7-day subscription.
“It suddenly made a lot of sense how this app generates $80,000 a month,” Lin said. “At $400 per month per subscriber, it only needs to scam 200 people to make $80,000 per month, or $960,000 a year. Of that amount, Apple takes 30%, or $288,000 — from just this one app.”
And there are others. Lin said that if you do a search for "wifi", you will get a result that includes “WEP Password Generator.” It is a simple random string generator that charges $50 per month.
Chris Olson, CEO of The Media Trust, said: "Fraud takes many shapes in the digital ecosystem. Whether hijacking a legitimate app to redirect to another (possibly malicious) app, executing non-human clicks, serving compromised ads or surreptitiously launching other apps, it all boils down to opportunity and financial incentive. Just like other ad-supported companies, app stores need to be vigilant about securing the content they promote. In addition to evaluating the reputation of the app developer, effective security requires continuous review of the app, requested permissions and any other network call."
Source: Info Security