Two iOS apps tricked users into paying via Touch ID

ESET researcher Lukas Stefanko, who often discovers malware in the official Android app catalog, this time reported two malicious applications in the App Store.

The fraudulent applications were called Fitness Balance and Calories Tracker, and both showed similar behavior, which can be seen in videos published by affected users, as well as in the example published by Stefanko himself.

After installation, on first run, the applications asked their victims to place a finger on the Touch ID scanner, supposedly to complete the setup. In fact, as soon as the user gave the application a fingerprint, they confirmed a payment through Touch ID in the amount of 99.99, 119.99 or 139.99 US dollars.

If the user refused, the application simply did not run.

Of course, a payment card had to be linked to the App Store account, and the user had to have enough money to pay.

In addition, owners of the iPhone X, which has the Double Click to Pay protection feature, were safe.

At the same time, the researcher writes that both applications were clearly made in haste.

After the payment was confirmed, they simply closed and disappeared from the screen, without even trying to disguise themselves or simulate any functionality. Yet both malicious applications had a good rating.

For example, Stefanko noted that Fitness Balance had a rating of 4.3 and many 5-star reviews.

The expert explains that most of the reviews were simply fake.

Affected users report on Reddit that attempts to contact the developer of the application led nowhere. In response to all complaints, there was only an automatic reply stating that the author is aware of the “error” described and that it will be corrected with the release of the new version.

Both applications have now been removed from the App Store, and affected users are encouraged to contact Apple support and request a refund of the charged funds.
