Two iOS fitness-tracking apps have been found stealing money from iPhone users. The two malicious apps, named ‘Fitness Balance App’ and ‘Calories Tracker App’, were created by one developer.
According to Reddit users and researchers from ESET, the apps leverage a flaw in Apple’s Touch ID feature and steal as much as $120 from each victim. After a user launches one of these apps, it requests a fingerprint scan, prompting the user to ‘view their personalized calorie tracker and diet recommendations.’
Once the user scans a fingerprint using Apple Touch ID, the app shows a pop-up asking them to confirm a payment amounting to $99.99, $119.99 or €139.99.
Lukas Stefanko, a malware analyst at ESET, said, “If the user has a credit or debit card directly connected to their Apple account, the transaction is considered verified and money is wired to the operator behind these scams.”
He also said, “Posting fake reviews is a well-known technique used by scammers to improve the reputation of their apps.”
The apps have an average rating of 4.3 stars and 18 positive reviews on the App Store.
Apple has removed these malicious apps from its App Store. Users even tried to contact the developers of ‘Fitness Balance app’ for a refund. In reply, they all received the same message, saying “reporting issues will be fixed in the upcoming version 1.1”.
Be aware of these types of fake apps.