Fake App Stole Life Savings: App Store utility ripped off $ 1.6 billion of users and Apple’s vaunted security system failed
Apple boasts that its branded App Store is a safe haven. The same cannot be said about Google Play, where you can find malicious applications.
But not everything is so simple and Apple does not have a mechanism that 100% guarantees that low-quality software does not fall into the open spaces of the application store.
After going through the “millstones” of Apple’s verification, a fraudulent utility Trezor for iOS for trading cryptocurrency entered the App Store. Many thought it was an app from Trezor, a company that specializes in creating hardware wallets for cryptocurrency.
Fake App Stole Life Savings
Working with this program, the user Philip Christodoulou lost 17.1 bitcoins and at the current exchange rate it is about $ 600 thousand, they were simply stolen.
But he was not the only victim of the scammers. There were at least 4 more people who lost their cryptocurrency and the total damage amounted to $ 1.6 billion.
It is quite logical that the victims blamed everything on Apple, which allowed the appearance of fraudulent software on the App Store. For its part, the Cupertino-based concern said that the developers of the application resorted to using the “switch” or “toggle” technique.
Simply put, they provided a safe version of the utility for safe storage of data for verification, and after it was given the go-ahead for placement in the App Store, they changed it to a cryptocurrency wallet.
Alas, the fact of the substitution was not detected in time and the creators of the fraudulent software managed to profit quite well. The incident prompted an App Store audit, which resulted in the removal of several utilities from the catalog.
What kind of applications it is, how many of them turned out to be and what they were using, the company does not announce.
It is worth mentioning that a similar fraudulent Trezor app was created for Android devices as well. But Trezor then managed to warn users that it did not have a mobile application and warned them against installing fake utilities.
A similar notice was sent to Google, which quickly removed the fake Trezor wallet last December.