The most insightful internet finance portal


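Two malicious apps exposed on iOS trick users into making Touch ID payments

Reddit users recently discovered malicious software on iOS that uses disguised in-app screens to trick users into making Touch ID payments.

The two apps in question are "Fitness Balance" and "Calories Tracker". Both are fitness apps that offer common workout-tracking features. However, when you try to view your personal calorie or diet information while using them, the app displays a fraudulent screen asking you to scan your Touch ID. If you are not alert enough, it will cost you $120.

After the apps' misconduct was discovered, users naturally reported them to Apple. The apps appear to have been removed from the App Store, though Apple has not yet issued any statement on the matter. According to WeLiveSecurity, "Fitness Balance" had a rating as high as 4.3 stars, with at least 18 quite positive reviews; in hindsight, many of these were probably padded.

Under Apple's developer guidelines, the developers behind these two apps will have no further chance to publish on the App Store (at least not under their original identity). What is puzzling, though, is how such software got past the App Store review process, which is known for its strictness, in the first place.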

Reddit users are exposing shady iOS fitness apps that use the Touch ID feature on iPhones and iPads to scam people out of cash. Both "Fitness Balance app" and "Calories Tracker app" were active on the App Store until recently, though Apple appears to have now removed them.

Like their genuine counterparts, they promised to calculate your BMI, track daily calorie intake, or remind you to drink more water. But they also used a cunning, but downright fraudulent, trick tied to the iOS Touch ID sensor. While asking to secure your personalized diet data by scanning your fingerprint, the apps would display a pop-up showing a payment of $119.99. With just seconds to act, the scam could easily see users inadvertently handing over money from their connected credit or debit cards.

It seems people reported the apps to Apple, which likely led to their removal, though Apple itself hasn't released an official statement on the takedowns. According to WeLiveSecurity, the "Fitness Balance app" had an average rating of 4.3 stars, and received at least 18 mostly positive reviews, which may well have been faked.

In its developer guidelines, Apple forbids apps that "prey on users or attempt to rip-off customers, trick them into making unwanted purchases, force them to share unnecessary data, raise prices in a tricky manner, charge for features or content that are not delivered, or engage in any other manipulative practices within or outside of the app." Developers who break the rules risk being banned forever, warns the company.

Despite Apple's solid track record when it comes to App Store security, the odd shady app has slipped through the cracks. Late last year a fake port of the Xbox game Cuphead made the cut, before being removed. And back in 2012, a fake version of the Game Boy classic Pokemon Yellow also briefly appeared on the App Store.


Copyright © Internet Finance Laboratory, PBC School of Finance, Tsinghua University | 京ICP备17044750号-1