Unscrupulous developers of mobile applications have found a new way to extort money from users. The scheme, spotted by users of the Reddit forum and described by experts at ESET, uses the Touch ID sensor on an iOS device to trick the victim into making an unnecessary purchase inside the app.
Researchers at ESET described two cases in which this scheme was used. The apps in question are the fitness apps Fitness Balance and Calories Tracker (currently removed from the App Store), which brought their creators $60 thousand and $10 thousand, respectively.
The in-app purchases were made when the unsuspecting user put a thumb on the Touch ID sensor, ostensibly to take health readings. On first launch, Calories Tracker and Fitness Balance asked the user for a fingerprint, supposedly to “show him his personalized calorie counter and nutrition recommendations”. After the user pressed a finger to the sensor, a pop-up notification appeared on the screen announcing a charge of $99.99, $119.99 or 139.99 euros.
The notification was displayed on the screen for about a second. If a bank card was linked to the user's Apple account, the transaction was considered verified, and the money went to the fraudsters.
If the user refused to scan a finger, another pop-up notification appeared, requiring the user to press the “Continue” button. After the button was pressed, the whole process started over.