Despite Apple’s rigorous App Review process, a new crop of scam apps for macOS have been discovered on the company’s App Store.
As reported by The Verge, principal software engineer at Red Hat, Edoardo Vacci discovered the first in the latest batch of scam apps. The app in question, My Metronome, locks up and won’t allow users to quit using either the menu bar or keyboard shortcuts (it can be Force Quit though) until they agree to pay a $9.99 per month subscription.
Share your thoughts on Cybersecurity and get a free copy of the Hacker’s Manual 2022. Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/£10.99.
According to FlickType founder and scam app hunter Kosta Eleftheriou who spoke with The Verge, the developer behind My Metronome seems to have “experimented with various techniques over the years of preventing people from closing the paywall”.
Following a tweet from Eleftheriou, My Metronome was removed from the App Store but its developer, Music Paradise, LLC is also connected to another app development company called Groove Vibes that has created similar scam apps. In fact, according to the privacy policies of both companies, they’re registered at the same address and both mention Akadem GmbH.
Pay to quit apps
To see for themselves, The Verge decided to test Music Paradise’s Music Paradise Player app along with all of the Mac apps made by Groove Vibes.
According to the news outlet, all of the apps it tested immediately displayed a pop-up that asked users to sign up for a subscription. While three apps from Groove Vibes allowed users to quit using the menu bar or by pressing Command+Q, two of the company’s apps along with the Music Paradise Player app greyed out the quit option in the menu bar and prevented users from clicking the red button at the corner to close the app. Keyboard shortcuts were also of no use.
Unlike ransomware, the apps in question don’t lock users out of their files but instead prevent users from easily closing them so that they fall for the scam and sign up for a monthly subscription instead.
Surprisingly, all of these scam apps appeared to slip through the cracks during Apple’s App Review process which should have prevented them from being published in the first place. While scams like these do reappear from time to time, at least Apple added a “Report a Problem” button to the App Store so at least users can warn the company about scam apps.
Via The Verge
Go to Source