Many people know that jailbreaking an iPhone opens it up to potentially dangerous third-party software, but as it turns out, even non-jailbroken iOS devices can fall victim to malicious apps. A new Japanese scam is trying to rook iPhone users by installing software that tries to trick them into paying hundreds of dollars to access pornography.
Antivirus giant Symantec, based in Mountain View, California, brought the issue to light on its blog, noting that the Japanese scam is the first time the company has "seen a malicious iOS app being used for one-click fraud purposes." The software takes advantage of a loophole in iOS app development to target both jailbroken and non-jailbroken iPhones alike.
MORE: Best Antivirus Software and Apps
Here's what happens: Japanese users try to navigate to sketchy pornography sites on their iPhones. When a user tries to watch a video, an notification from an app calling itself "playMovie" pops up and says it needs to be installed. The iPhone informs users that the app comes from an untrusted developer, and advises them to proceed at their own risk.
If the app is installed despite the warning, it then informs users that they have just subscribed to an adult video service, and must now cough up the requisite fee: $800 up front, or $2,400 if they wait three days or more.
In actuality, of course, a user has not subscribed to anything, and the app is a pure scam. It's not even technically malware; it doesn't steal your information or compromise your phone in any way. (There's no threat about what happens if you don't pay, and Symantec says users can safely ignore the demand and delete the app.) Pretending a consumer owes money for services he or she did not actually use is a scam as old as the practice of scamming.
Installing apps from outside Apple's official store on iPhones isn't easy, but it's not impossible. Apple offers a program known as the iOS Developer Enterprise Program. If a developer pays an annual $299 fee, he or she can distribute iOS apps via regular websites.
This is usually useful only for people who need to share and test apps in development, but it can be manipulated for fell purposes. The $299 barrier is supposed to stop scammers, for whom there are easier ways to make money. On the other hand, if the scam extorts a minimum of $800 from each victim, the price of admission to the iOS Developer Enterprise Program seems paltry.
Now that Symantec has publicized the scam, Apple will probably shut the developer down. In the meantime, as long as you haven't paid for the phony subscription, there's nothing to worry about. The app gives you two notifications before it installs, and even after it does, it doesn't harm your phone. If you got it, just uninstall it and try to be a little more judicious about third-party apps from shady websites next time.
- What to Do After a Data Breach
- Mobile Security Guide: Everything You Need to Know
- Best Identity-Theft Protection
Marshall Honorof is a senior writer for Tom's Guide. Contact him at mhonorof@tomsguide.com. Follow him @marshallhonorof. Follow us @tomsguide, on Facebook and on Google+.
