Security researchers at Malwayrebytes have discovered a malvertising campaign that uses scareware to push a ‘free’ VPN app called ‘My Mobile Secure’ to iOS users via malicious ads on popular Torrent sites.
The page plays an “ear-piercing” beeping sound and falsely warns the user that his or her device is infected with viruses with the message: “We have detected that your Mobile Safari is (45.4 percent) DAMAGED by BROWSER TROJAN VIRUSES picked up while surfing recent corrupted sites.”
Users are then encouraged to download the app in order to remove “infected applications and files”, but to do so they must hand over a plethora of personal information.
“Such alerts on mobile devices are not new and sadly common place via many ad networks these days”, writes Jérôme Segura, lead malware intelligence analyst at Malwarebytes. “Usually, aggressive affiliates remunerated per lead will use these kinds of tactics to drive traffic to game apps or even tech support scams.
“Social engineering attacks such as the one above are still active and prey on the surprise effect or culpability someone may experience after browsing sites with pirated material.”
The developer behind My Mobile Secure is a comScore, Inc. company called VoiceFive, “a leading global market research company that studies and reports on Internet trends and behavior.”
In order to activate the free VPN app, users must join the MobileXpression research community. But the fine print reveals that the company will collect a whole host of user data, including contact and demographic information, device data, web browsing activity and even the number of text messages sent.
Segura points out the contradictory nature of these activities: “MobileXpression is a market research panel designed to understand the trends and behaviours of people using the mobile Internet. This seems a bit peculiar when applied to a VPN product, whose goal is to precisely anonymise your online activity by encrypting your data from your ISP, government, bad guys, etc.
He advises users to always review the companies behind such products before signing up, so that you know exactly who you are trusting your private data to.
Think you know mobile apps? Try our quiz!
Apple fined 150m euros over App Tracking Transparency feature that it says abuses Apple's market…
OpenAI to release customisable open-weight model in coming months as it faces pressure from open-source…
Samsung's Bespoke AI-powered fridge monitors food to create shopping lists, displays TikTok videos, locates misplaced…
Huawei sees 38 percent jump in consumer revenues as its smartphone comeback continues to gather…
In world-first, China approves commercial flights for EHang autonomous passenger drone, paving way for imminent…
Microsoft closes down IoT and AI lab it operated in Shanghai tech district in latest…
View Comments
If you want to get real VPN services then it is imperative that you should go for the best paid VPN. Obviously, providers offering you free VPN services do not provide you real services as mentioned here https://www.purevpn.com/blog/best-paid-vpn/