Malicious Fitness Tracking iOS Apps Found In Apple Store


Two iOS fitness tracking apps have been removed from the Apple store.

The malicious fitness iOS apps were found in the Apple store. ESET mobile security researcher Lukas Stefanko said that these apps were developed by the same developer.

Once users had installed these malicious apps, they were asked to press their finger on the Touch ID sensor to set up and access the app.

The apps are premium and ask the user for payment to access the app. If an iOS user had already registered a payment card in their App Store account, the transaction would be accepted automatically.

If users refuse to scan their finger in “Fitness Balance app”, another pop-up is displayed, prompting them to tap a “Continue” button to be able to use the app. If they comply, the app tries to repeat the dodgy payment procedure.


The bogus apps were, until recently, available in the Apple App Store. The apps were called “Fitness Balance app” and “Calories Tracker app”, and at first glance appeared to put users on the road to fitness – they could calculate the BMI, track daily calorie intake, or remind users to drink more water. These services, however, came with an unexpectedly hefty price tag, according to Reddit users.

Based on the user interface and functionality, both apps are most likely created by the same developer. Users have also posted videos of “Fitness Balance app” and “Calories Tracker app” on Reddit.

Users have reported these apps to Apple, and they replied:

Hello user,

I am aware of this issue. I’m working hard to fix it. Please wait for version v1.1, everything will be fixed in that version.

Thank you!

How to protect yourself?

  • Think before you pay for these kinds of apps.
  • iPhone X users can activate an additional feature called “Double Click to Pay”.
  • If you fell victim, you can try to claim a refund from the Apple App Store.

Earlier, in 2015, the Chinese security firm Qihoo360 Technology claimed to have uncovered a total of 344 apps affected by a malicious program called XcodeGhost.

Image source ESET
More from Priyanshu Sahay
