Security News Scam iOS Fitness Apps Steal Money Through Apple Touch ID

[LASER_oneXM]

Content source

https://www.bleepingcomputer.com/news/security/scam-ios-fitness-apps-steal-money-through-apple-touch-id/

iOS fitness apps were discovered that ask you to provide a fingerprint to continue or access your data, but instead pop up a subscription screen that automatically charges a saved credit card for over $100 USD.

These apps were called "Fitness Balance” and “Calories Tracker" and would tell users that they needed to supply their fingerprint to access a calorie tracker and diet recommendations. When a user supplied their fingerprint and held it down, the app would automatically try and charge a saved credit card or other payment source for $99 to $119 USD.

While iPhone X users would be protected if they enabled "Double Click to Pay", older iPhone users would be charged automatically if they had enough credit or a saved credit card and Touch ID was enabled.

According to reports from Reddit users and from analysis by ESET mobile app security researcher Lukas Stefanko, these apps contained fake reviews that are meant to make the app appear useful and beneficial.

"Despite its malicious nature, the “Fitness Balance app” received multiple 5-star ratings, had an average rating of 4.3 stars and received at least 18 mostly positive user reviews," Stefanko explained in a post regarding these scams. "Posting fake reviews is a well-known technique used by scammers to improve the reputation of their apps."

You can see examples of some of these reviews below.

 

[upnorth]

@Weebarra you need to uninstall these, pronto.

 

[Weebarra]

@Weebarra you need to uninstall these, pronto.

~No need, my fitness level is second to none (none being the operative word here ) i don't need no fitness app to tell me i'm a winner

at being a

.

Do i really need a fitness app ?