Two malicious iPhone (iOS) apps used Touch ID to authorize payments without the knowledge of the phone's owner. Called Heart Rate Measurement and Last Name History, the apps promised to reveal the user's heartbeat and family name information. Instead, the programs dimmed the smartphone's screen brightness and used the fingerprint reader to confirm a R$ 329.90 cash transaction.
Both apps have already been removed from the App Store. It is worth mentioning, however, that Heart Rate Measurement appeared among the six most downloaded in the category of titles with purchases this Friday (30), according to App Annie's ranking. Your Last Name's Story was also among the 10 most downloaded free apps on the platform. TechTudo contacted Apple, but there has been no response so far.
Criminals use Touch ID and a darkened screen to steal users' money; learn how to avoid the scam. Photo: Thiago Lopes / TechTudo
According to Fabio Assolini, a specialist at Kaspersky, the two applications do not contain malicious code or exploit vulnerabilities in Apple's system. The method consists only of deceiving the user into confirming the transaction without realizing it; in other words, it relies on social engineering to deceive the victims.
Despite having different stated purposes, the apps run the scam in the same way. After downloading the app, the user would try to measure their heart rate by placing a thumb on the fingerprint reader, and the iPhone's screen would then go dim. In the dark, a confirmation interface using Touch ID was displayed and, thus, the payment of R$ 329.90 was made. Both available in Portuguese, the applications claimed victims in Brazil, according to reports on social networks.
My Heart Rate appeared in sixth place in the category of apps with payments. Photo: Reproduction / TechTudo
Also according to the Kaspersky expert, there is a tip that can prevent unauthorized purchase scams. "For cases like this, it is safest to configure the iPhone to not make any transactions using the fingerprint."
In addition, it is worth remembering that attacks using Touch ID only work on Apple phone and tablet models that have the fingerprint reader, which is absent on the iPhone X, XS and XR, the brand's latest generation of devices.
Brazilian users fell for the scam: the apps offer Portuguese versions. Photo: Reproduction / Facebook