New Attack Pushes Rogue App Over-The-Air To Non-Jailbroken Devices

A newly released report is suggesting that iOS users in Japan are being targeted by cyber bad guys with a malicious app when they attempt to see ‘‘ unsafe’ videos. Famously referred to as the one-click fraud, the rip-off is not just appropriate to jailbroken iOS devices, however non-jailbroken ones too.

This one-click formula has been around for fairly some time now and has been actively utilized versus Windows, Mac, as well as Android users in the previous couple of years. The risk to iOS devices was simply discovered by Symantec, with the business believing that not just have these fraudster prepared an iOS version of the app, however “are distributing it on a similar deceptive website.”


Over-the-air shipment of an app in this manner on iOS is nothing brand-new. Some hackers have actually been discovered to abuse Apple’s iOS Developer Business program in the past. WireLurker is one current example of this type of exploitation by hackers, where signed enterprise certificates are made use of to install a malicious app on a device. The very same method is made use of by apps such as MovieBox and PlayBox also for setup. When Apple revokes the enterprise certifications, the over-the-air setup route for these apps cease to work.

“The fraudsters are most likely benefiting from the iOS Developer Business Program for their campaign, though we have actually not verified this,” says Symantec which more discusses that it is the very first time the business has actually seen “a malicious iOS app being made use of for one-click scams purposes.”

“If the app is set up on the user’s device, then it informs the user that they have accepted end up being a member of the site and demands that they pay 99,000 Japanese yen (roughly US$ 800) now or 300,000 yen (approximately $ 2,400) after three days.”The app itself serves as a part to tempting in a victim to pay for a subscription.



If you see any such unusual app asking you to trust and install it OTA through internet, as revealed in screenshots above, do not accept it unless and up until you know you trust the app and its designer. As long as you do not install such apps from untrusted designers, you will be safe from this destructive app and fraudulent scam.

The iOS Developer Program, which costs $ 99 every year, allows members to distribute apps making use of ad hoc provisioning profiles to devices that have their unique IDs (UDID) registered. The iOS Designer Enterprise Program nevertheless is more versatile and costs $ 299 per annum. It utilizes signed certifications to push apps over-the-air. No UDID registration is required for this program. Companies normally utilize this program to test or install internal apps on their workers’ devices. This attack is most likely abusing Apple’s iOS Developer Enterprise Program.

(Source: Symantec)

You can follow us on Twitter, include us to your circle on Google+ or like our Facebook page to keep yourself updated on all the most recent from Microsoft, Google, Apple and the Web.

Associated Posts

  • New Safari Susceptability Discovered, Spoofs Links For Phishing Purposes
  • iOS 8 Defect Lets Hackers Crash iPhone, iPad Using Wi-Fi [Video]
  • 1,500 iOS Apps Susceptible To This Security Defect; Examine If Your iPhone Is At Threat
  • This Software Can Crack iOS Passcode On Jailbroken Devices [Video]
  • This Device Can Break iOS 8.1 Passcode With Relative Ease [Video]

You can follow on Twitter, add us to your circle on Google+ or like our Facebook page to keep yourself updated on all the latest from Apple and the Web.