{"id":7257,"date":"2017-04-06T10:10:12","date_gmt":"2017-04-06T18:10:12","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/04\/06\/news-1048\/"},"modified":"2017-04-06T10:10:12","modified_gmt":"2017-04-06T18:10:12","slug":"news-1048","status":"publish","type":"post","link":"http:\/\/www.palada.net\/index.php\/2017\/04\/06\/news-1048\/","title":{"rendered":"Malvertising on iOS pushes eyebrow-raising VPN app"},"content":{"rendered":"

Credit to Author: J\u00e9r\u00f4me Segura| Date: Thu, 06 Apr 2017 17:10:49 +0000<\/strong><\/p>\n

There is a preconceived idea that malvertising mostly affects the Windows platform. Certainly, when it comes to malicious adverts, Internet Explorer is a prime target for malware infections. However, malvertising can produce different outcomes adapted to the device the user is running.<\/p>\n

Case in point, we discovered this scareware campaign that pushes a ‘free’ VPN app called My Mobile Secure<\/em> to iOS users\u00a0via rogue ads on popular Torrent sites. The page plays an ear-piercing beeping sound and claims your device is infected with viruses.<\/p>\n

“We have detected that your Mobile Safari is (45.4%) DAMAGED by BROWSER TROJAN VIRUSES picked up while surfing recent corrupted sites.”<\/em><\/p>\n

\"\"<\/a><\/p>\n

Such alerts on mobile devices are not new and sadly\u00a0common place via many\u00a0ad networks these days. Usually, aggressive affiliates remunerated per lead\u00a0will use these kinds\u00a0of tactics to drive traffic to game apps or even\u00a0tech support scams<\/a>.<\/p>\n

Thankfully for the latter, Apple has released an update to their mobile operating system (iOS 10.3.1<\/a>) to avoid so-called “browser lockers” via incessant JavaScript popups that prevented users from closing the offending page. Having said that, social engineering attacks such as the one above are still active and prey on the surprise effect or culpability someone may experience after browsing sites with pirated material.<\/p>\n

Network traffic<\/h3>\n

This malvertising chain starts off with an ad call from Propeller Ads Media, goes through Real Time Bidding (RTB) via AdMetix, is redirected to RevenueHits, and finishes off with scammy advertisers.<\/p>\n

\"\"<\/a><\/p>\n

‘Free’ VPN\u00a0app<\/h3>\n

This fake website advertises the MyMobileSecure <\/em>VPN<\/a>\u00a0to remove “infected applications and files”. Tapping on ‘Remove Virus’ opens up the App Store to download this app.<\/p>\n

\"\"<\/p>\n

\"\"<\/p>\n

\"\"<\/p>\n

The MyMobileSecure\u00a0developer, VoiceFive is a\u00a0comScore, Inc. company, “a leading global market research company that studies and reports on Internet trends and behavior.<\/em>” In order to activate the free VPN app, users must join the\u00a0MobileXpression research community, and this is where things get interesting.<\/p>\n

\"\"<\/p>\n

From mymobilescure.com<\/a>: “The MobileXpression<\/strong> email account is a part of the software download package for iPhones and iPads. The email account is there to provide you with a better way to stay in touch with MobileXpression and also make sure our software works correctly.”<\/em><\/p>\n

If the product is free, you are the product<\/h3>\n

According to their website<\/a>,\u00a0MobileXpression is a market research panel designed to understand the trends and behaviors of people using the mobile Internet. This seems a bit peculiar when applied to a VPN product, whose goal is to precisely anonymize your online activity by encrypting your data from your ISP, government, bad guys, etc.<\/p>\n

As an aside, the topic of VPNs is particularly hot at the moment, on the heels of an upcoming bill (S.J. Res. 34<\/a>) that would allow Internet Service Providers (ISPs) to sell data about your online habits to advertisers. Many people are rushing into installing the first VPN they can get their hands on, which is a terrible idea considering many companies out there are very\u00a0shady and far worse than your own ISP.<\/p>\n

Free does not mean Open Source or risk-free for that matter. But the fact of the matter is that people tend to gravitate towards free products, especially if those are pushed aggressively via hungry advertisers. For this reason, users should pay even more attention before installing a free app.<\/p>\n

If the reason you want to install a VPN is because you are truly worried\u00a0about your online privacy, then you really ought to read the fine print<\/a>. This particular VPN app has some\u00a0concerning statements:<\/p>\n

\"\"<\/a><\/p>\n

If you shop around\u00a0for other VPN providers, you will see the exact opposite when it comes to data collection\u00a0and logging. Here are some examples:<\/p>\n