Three malicious apps have recently been identified and removed from Apple’s App Store.
The apps had a health theme and purported to check heart rate, calorie count or BMI. “Fitness Balance”, “Calories Tracker” and “Heart Rate Monitor” were discovered to be fraudulent and have been removed.
When the apps asked for a fingerprint scan to access information of interest, the scan was instead used to authorise a payment of up to $120. If the user had a credit or debit card linked to an Apple account, the transaction was approved. The apps would then continue to prompt the user to use the fingerprint scanner before continuing to use the app. The scale of losses is unknown.
The existence of these apps in an ecosystem generally considered secure indicates that, despite the rigorous checks carried out by official app stores, some malicious apps do evade detection.
The malicious apps were spotted and have now been removed. When downloading apps, consumers should check reviews and any available information about the app and its developer. You should also be alert to permissions that the app is requesting – these can be checked in the app settings.
This scam affects iPhone 8 or earlier models. Newer models have a feature called “Double click to pay” which, when activated, requires users to double click the side button to verify a payment.
Duncan is a technology professional with over 20 years’ experience of working in various IT roles. He has an interest in cyber security, and has a wide range of other skills in radio, electronics and telecommunications.