Dodgy iOS apps won’t track your fitness but will steal your money

Share on facebook
Share on twitter
Share on linkedin
Share on email

We received an alert this afternoon from ESET Southern Africa informing us of an app parading as a fitness tracker for iOS. The twist is that the app will steal your money instead of helping you be fitter.

ESET Southern Africa says that before they were removed, there were two apps in the Apple App Store that would try to steal money from users, namely Fitness Balance and Calories Tracker.

“After a user fires up any of the abovementioned apps for the first time, the apps request a fingerprint scan to “view their personalized calorie tracker and diet recommendations”. Only moments after the user complies with the request and places his/her finger on the fingerprint scanner, the apps display a popup showing a dodgy payment amounting to 99.99, 119.99 USD or 139.99 EUR,” explains ESET SA.

The pop-up is only visible for a second but ESET Southern Africa says that if a user’s credit or debit card is linked to the Apple App Store a charge for the aforementioned amount will be authorised once a fingerprint is read.

“If users refuse to scan their finger in “Fitness Balance app”, another popup is displayed, prompting them to tap a “Continue” button to be able to use the app. If they comply, the app tries the repeat the dodgy payment procedure again,” said ESET Southern Africa.

The security firm goes on to say that the Fitness Balance app had received multiple five-star ratings with an average of 4.3 stars.

With the apps originally discovered over on Reddit, some users attempted to contact the developer of Fitness Balance only to receive a message saying they should wait for Version 1.1 of the app as that will fix the “issue”.

ESET Southern Africa advises iOS users check the reviews on apps not for positive reviews but negative ones as they often reveal the true nature of an app.

iPhone X users can also activate “Double Click to Pay” as an additional precaution.

As for those that have already been duped ESET Southern Africa advises contacting the Apple App Store to try to claim a refund.

[Image – CC 0 Pixabay]

Brendyn Lotz

Brendyn Lotz

Brendyn Lotz writes news, reviews, and opinion pieces for Hypertext. His interests include SMEs, innovation on the African continent, cybersecurity, blockchain, games, geek culture and YouTube.