Security researchers at Malwayrebytes have discovered a malvertising campaign that uses scareware to push a ‘free’ VPN app called ‘My Mobile Secure’ to iOS users via malicious ads on popular Torrent sites.
The page plays an “ear-piercing” beeping sound and falsely warns the user that his or her device is infected with viruses with the message: “We have detected that your Mobile Safari is (45.4 percent) DAMAGED by BROWSER TROJAN VIRUSES picked up while surfing recent corrupted sites.”
Users are then encouraged to download the app in order to remove “infected applications and files”, but to do so they must hand over a plethora of personal information.
“Such alerts on mobile devices are not new and sadly common place via many ad networks these days”, writes Jérôme Segura, lead malware intelligence analyst at Malwarebytes. “Usually, aggressive affiliates remunerated per lead will use these kinds of tactics to drive traffic to game apps or even tech support scams.
“Social engineering attacks such as the one above are still active and prey on the surprise effect or culpability someone may experience after browsing sites with pirated material.”
The developer behind My Mobile Secure is a comScore, Inc. company called VoiceFive, “a leading global market research company that studies and reports on Internet trends and behavior.”
In order to activate the free VPN app, users must join the MobileXpression research community. But the fine print reveals that the company will collect a whole host of user data, including contact and demographic information, device data, web browsing activity and even the number of text messages sent.
Segura points out the contradictory nature of these activities: “MobileXpression is a market research panel designed to understand the trends and behaviours of people using the mobile Internet. This seems a bit peculiar when applied to a VPN product, whose goal is to precisely anonymise your online activity by encrypting your data from your ISP, government, bad guys, etc.
He advises users to always review the companies behind such products before signing up, so that you know exactly who you are trusting your private data to.
Think you know mobile apps? Try our quiz!
Foxconn is expected to begin a foldable iPhone project later this year, says analyst, with…
More job losses for Microsoft, after report tech giant is planning to cut thousands of…
Another setback? Elon Musk's SpaceX rocket explodes into giant fireball during testing at Starbase facility…
Texas Instruments says it will spend more than $60 billion to expand its manufacturing footprint…
New guidelines issued by Dutch government advises that children under 15 should not use social…
Demand for AI skills continues to grow, as Meta allegedly seeks to poach OpenAI staff…
View Comments
If you want to get real VPN services then it is imperative that you should go for the best paid VPN. Obviously, providers offering you free VPN services do not provide you real services as mentioned here https://www.purevpn.com/blog/best-paid-vpn/