Security researchers at Malwayrebytes have discovered a malvertising campaign that uses scareware to push a ‘free’ VPN app called ‘My Mobile Secure’ to iOS users via malicious ads on popular Torrent sites.
The page plays an “ear-piercing” beeping sound and falsely warns the user that his or her device is infected with viruses with the message: “We have detected that your Mobile Safari is (45.4 percent) DAMAGED by BROWSER TROJAN VIRUSES picked up while surfing recent corrupted sites.”
Users are then encouraged to download the app in order to remove “infected applications and files”, but to do so they must hand over a plethora of personal information.
“Such alerts on mobile devices are not new and sadly common place via many ad networks these days”, writes Jérôme Segura, lead malware intelligence analyst at Malwarebytes. “Usually, aggressive affiliates remunerated per lead will use these kinds of tactics to drive traffic to game apps or even tech support scams.
“Social engineering attacks such as the one above are still active and prey on the surprise effect or culpability someone may experience after browsing sites with pirated material.”
The developer behind My Mobile Secure is a comScore, Inc. company called VoiceFive, “a leading global market research company that studies and reports on Internet trends and behavior.”
In order to activate the free VPN app, users must join the MobileXpression research community. But the fine print reveals that the company will collect a whole host of user data, including contact and demographic information, device data, web browsing activity and even the number of text messages sent.
Segura points out the contradictory nature of these activities: “MobileXpression is a market research panel designed to understand the trends and behaviours of people using the mobile Internet. This seems a bit peculiar when applied to a VPN product, whose goal is to precisely anonymise your online activity by encrypting your data from your ISP, government, bad guys, etc.
He advises users to always review the companies behind such products before signing up, so that you know exactly who you are trusting your private data to.
Think you know mobile apps? Try our quiz!
Tesla shareholders to be asked to reinstate Elon Musk's $56 billion pay package, days after…
Catching WhatsApp? Billionaire founder of Telegram claims encrypted platform will reach one billion users within…
Good news for Mark Zuckerberg as judge dismisses some claims in dozens of lawsuits alleging…
Consequences of Assembly Bill 886. Google begins removing California news websites from some search results
CEO Tim Cook during visit to Jakarta says Apple will look into building a manufacturing…
Introduction of digital services tax on tech firms will begin in 2024 Canadian government confirms,…
View Comments
If you want to get real VPN services then it is imperative that you should go for the best paid VPN. Obviously, providers offering you free VPN services do not provide you real services as mentioned here https://www.purevpn.com/blog/best-paid-vpn/