Apple iOS App Store

A security blogger named Jonny Lin published a post on the blogging platform, Medium, detailing an iOS app subscription scheme affecting Apple users who downloaded certain apps from the App Store. According to Lin, scammers have been abusing Apple’s Search Ad, a program that allows developers to pay for app placement at the top of the search results in the App Store. Malicious apps masquerading as antivirus software, VPNs, password generators, and other seemingly legitimate software could be featured at the top of iOS users' screens when searching for various productivity apps. Once installed, the malicious app requests access to the device’s contact list and tries to lure the user into accepting a seven day “free trial” of antivirus protection, after which the cost to the user would be nearly $100 per week. If the device's Touch ID feature is enabled and the user touches the home button, the app will register the user for the service and begin charging the user’s account after the first week. Lin found that one of these apps was ranked as the 144th most downloaded free productivity app, with approximately 50,000 downloads. The NJCCIC recommends iOS users exercise caution when downloading apps and regularly check which subscriptions are associated with their accounts by following the instructions available here. Users are encouraged to report malicious and suspicious apps to Apple through iTunes Connect.