Apps darken iPhone screen and use Touch ID to trick users


Two malicious iPhone (iOS) apps used Touch ID to authorize payments without the knowledge of the phone's owner. Called Heart Rate Measurement and Last Name History, the apps promised to reveal the user’s heart rate and family name information. Instead, they dimmed the smartphone’s screen brightness and used the fingerprint reader to confirm a R$ 329.90 cash transaction.

Both apps have already been removed from the App Store. It is worth mentioning, however, that Heart Rate Measurement appeared among the six most downloaded apps in the category of titles with purchases this Friday (30), according to App Annie's ranking. Last Name History was also among the 10 most downloaded free apps on the platform. dnetc contacted Apple, but there has been no response so far.

Criminals use Touch ID and a darkened screen to steal users’ money; learn how to avoid the scam – Photo: Thiago Lopes / dnetc

According to Fabio Assolini, a Kaspersky expert, the two applications do not contain malicious code or exploit vulnerabilities in Apple’s system. The method consists solely of tricking the user into confirming the transaction without realizing it – in other words, “social engineering” was used to deceive the victims.

Despite their different stated purposes, the apps carry out the scam in the same way. After downloading the app, the user tried to measure their heart rate by placing a thumb on the fingerprint reader, and the iPhone's screen was then dimmed. On the darkened screen there was a Touch ID confirmation interface, and in this way the payment of R$ 329.90 was made. Both apps were available in Portuguese and claimed victims in Brazil, according to reports on social networks.

My Heart Rate reached sixth place in the category of apps with payments – Photo: Reproduction / dnetc

The Kaspersky expert also offers a tip that can prevent unauthorized purchase scams. “For cases like this, the safest thing is to configure the iPhone not to make any transactions using the fingerprint.”

In addition, it is worth remembering that attacks using Touch ID only work on Apple phone and tablet models that have the fingerprint reader, which is absent on the iPhone X, XS and XR, the brand's latest generation of devices.

Brazilian users fell for the scam: apps offer versions in Portuguese – Photo: Reproduction / Facebook
