Security researchers warn of scam VPN apps on iOS
Security researchers at Avast have discovered and reported three iOS VPN apps that were attempting to scam users into buying expensive subscriptions that charged them once a week.
Virtual private networks, or VPNs, are apps that route internet traffic through a "tunnel," often for security and privacy purposes. Security experts have long cautioned users from downloading untrusted VPNs, however, as malicious variants can in some cases glean sensitive information without a user's knowledge.
The three apps that Avast researchers discovered were high-rated VPN apps that "overcharge users, do not provide the services they promote and appear to be 'fleeceware.'"
"Fleeceware apps fall into a gray area, because they are not malicious per se, they simply charge users absurd amounts of money for weekly, monthly or yearly subscriptions for features that should be offered at much lower costs," said Nikolaos Chrysaidos, Avast's head of Mobile Threats and Security.
Researchers found that the three apps charge $9.99 a week for a subscription after a free three-day trial. When they purchased a subscription and attempted to use the VPNs, they only found additional prompts to buy access. Because the researchers already had an existing subscription, the apps showed an error message alerting them of that fact. They were thus "unable to establish a VPN connection" using them.
The three apps are Buckler VPN, Hat VPN and Beetle VPN. All three are still available on the iOS App Store and have ratings ranging from 4.6 to 4.8 stars. Avast notes that the apps don't contain malicious components, so they were able to circumvent Apple's App Store guidelines.
Avast also notes that they found evidence that the app's high-rating reviews were fake. Most of them were similarly written, and peppered in between them were comments warning of scammy functionality. The apps' privacy policies were also written with "very similar language and structure."
The security company recommends users pay close attention to what types of charges can be expected after any app free trial ends, and to closely monitor credit card charges to ensure they aren't being overcharged. Avast says it reported all three apps to Apple.
"With many people turning to VPN apps to protect their data while working remotely, this illustrates how important it is for users to research VPN apps before installing them, including who is behind the product, their track record with other products and user reviews, and experience in offering security and privacy apps," Chrysaidos said.
Virtual private networks, or VPNs, are apps that route internet traffic through a "tunnel," often for security and privacy purposes. Security experts have long cautioned users from downloading untrusted VPNs, however, as malicious variants can in some cases glean sensitive information without a user's knowledge.
The three apps that Avast researchers discovered were high-rated VPN apps that "overcharge users, do not provide the services they promote and appear to be 'fleeceware.'"
"Fleeceware apps fall into a gray area, because they are not malicious per se, they simply charge users absurd amounts of money for weekly, monthly or yearly subscriptions for features that should be offered at much lower costs," said Nikolaos Chrysaidos, Avast's head of Mobile Threats and Security.
Researchers found that the three apps charge $9.99 a week for a subscription after a free three-day trial. When they purchased a subscription and attempted to use the VPNs, they only found additional prompts to buy access. Because the researchers already had an existing subscription, the apps showed an error message alerting them of that fact. They were thus "unable to establish a VPN connection" using them.
The three apps are Buckler VPN, Hat VPN and Beetle VPN. All three are still available on the iOS App Store and have ratings ranging from 4.6 to 4.8 stars. Avast notes that the apps don't contain malicious components, so they were able to circumvent Apple's App Store guidelines.
Avast also notes that they found evidence that the app's high-rating reviews were fake. Most of them were similarly written, and peppered in between them were comments warning of scammy functionality. The apps' privacy policies were also written with "very similar language and structure."
The security company recommends users pay close attention to what types of charges can be expected after any app free trial ends, and to closely monitor credit card charges to ensure they aren't being overcharged. Avast says it reported all three apps to Apple.
"With many people turning to VPN apps to protect their data while working remotely, this illustrates how important it is for users to research VPN apps before installing them, including who is behind the product, their track record with other products and user reviews, and experience in offering security and privacy apps," Chrysaidos said.
Comments
Naming "the good VPNs" requires a whole different article of reviewing every fucking VPN app. Even finding "some good VPNs" requires a lot of research. That's far beyond the scope of this article.
"There are scam VPN apps out there. Here are three. Beware the fees." Job done.
I would really like to see somebody more reliable than Zekes Product Reviews That Are Totally Not Paid For By The Manufacturers, did a review of malware security packages. I’ve uses Avast for several years, but I don’t know if they are the best. I don’t know if their optional VPN is as good as Nord that I use. I don’t know anything about ransomeware protection. I really have no idea what is good and what isn’t any more. The online world has gotten to be quite hazardous. I don’t know that the Malware package I use is satisfactory any more. I’d love to see someone reliable, like AppleInsider look over a bunch of them and let us know what’s good and what is a screen door.