The Almighty Buck

Report Reveals In-App Purchase Scams In the App Store (macrumors.com) 48

In a Medium article titled "How to Make $80,000 Per Month On the Apple App Store," Johnny Lin uncovers a scamming trend in which apps advertising fake services are making thousands of dollars a month from in-app purchases. The practice works by manipulating search ads to promote dubious apps in the App Store and then preying on unsuspecting users via the in-app purchase mechanism. MacRumors reports: "I scrolled down the list in the Productivity category and saw apps from well-known companies like Dropbox, Evernote, and Microsoft," said Lin. "That was to be expected. But what's this? The #10 Top Grossing Productivity app (as of June 7th, 2017) was an app called 'Mobile protection :Clean & Security VPN.' Given the terrible title of this app (inconsistent capitalization, misplaced colon, and grammatically nonsensical 'Clean & Security VPN?'), I was sure this was a bug in the rankings algorithm. So I check Sensor Tower for an estimate of the app's revenue, which showed ... $80,000 per month?? That couldn't possibly be right. Now I was really curious." To learn how this could be, Lin installed and ran the app, and was soon prompted to start a "free trial" for an "anti-virus scanner" (iOS does not need anti-virus software thanks to Apple's sandboxing rules for individual apps). Tapping on the trial offer then threw up a Touch ID authentication prompt containing the text "You will pay $99.99 for a 7-day subscription starting Jun 9, 2017." Lin was one touch away from paying $400 a month for a non-existent service offered by a scammer. Lin dug deeper and found several other similar apps making money off the same scam, suggesting a wider disturbing trend, with scam apps regularly showing up in the App Store's top grossing lists.

Power

Researchers Reveal Malware Designed To 'Power Down' Electric Grid (securityledger.com) 42

chicksdaddy writes: A sample of malicious software discovered at the site of a December, 2016 cyber attack on Ukraine's electrical grid is a previously unknown program that could be capable of causing physical damage to the electrical grid, according to reports by two security firms. The Security Ledger reports: "Experts at the firm ESET and Dragos Security said on Monday that the malicious software, dubbed CrashOverride (Dragos) or Industroyer (ESET) affected a 'single transmission level substation' in the Ukraine attack on December 17th, 2016 in what appears to have been a test run. Still, experts said that features in the malware show that adversaries are automating and standardizing what were previously manual attacks against critical infrastructure, while also adding features that could be used to physically disable or damage critical systems -- the first evidence of such activity since the identification of the Stuxnet malware in 2010. The Crash Override malware 'took an approach to understand and codify the knowledge of the industrial process to disrupt operations as STUXNET (sp) did,' wrote Dragos Security in a report. The malware improves on features seen in other malicious software that it knows to target industrial control systems. Specifically, the malware makes use of and manipulates industrial control system-specific communications protocols. That's similar to features in ICS malware known as Havex that targeted grid operators in Europe and the United States in 2014. The Crash Override malware also targeted the libraries and configuration files of so-called 'Human Machine Interfaces' (or HMIs) to understand the environment they have infected. It can use HMIs, which provide a graphical interface for managing industrial control system equipment, to connect spread to other Internet connected equipment and systems, Dragos said."

Security

Researchers Have Found a Way To Root Out Identity Thieves By Analyzing Their Mouse Movements With AI (qz.com) 62

An anonymous reader shares an article: In the study, published recently in PLoS One, the researchers quizzed 40 respondents about their personal details. Half of the respondents were asked to answer the questions truthfully, but the other half were given details about fake identities they had to memorize and use in the quiz. The computer quiz kept track of the movement of each respondent's mouse as they answered the questions, and noted how the fakes differed from the truth-tellers when they moved the cursor from the bottom of the screen to the answers at the top. The quiz consisted of 12 questions like, "Do you live in Padua?" and "Are you Italian?" That covered details an identity thief could easily remember and answer, but then the quiz threw them a curve ball. "What is your zodiac sign," it asked in the second series of 12 questions, which were designed to be easy for the genuine respondents, but more difficult for the fakers to work out. After the researchers took the mouse-movement data collected from the quizzes and trained a machine-learning algorithm to analyze it, they found that was indeed the case. It was able to discern the fake responses from the real ones 95% of the time.

Security

The Internet Of Things Is Becoming More Difficult To Escape (npr.org) 165

An anonymous reader writes: After a long day, many of us try to set down our technology and unplug from the world around us. But, according to a new report by the Pew Research Center and Elon University's Imagining the Internet Center, over the next few years, that will become much more difficult to do. The Internet of things will continue to spread between now and 2026, until human and machine connectivity becomes ubiquitous and unavoidably present, according to experts who participated in what Pew described as a "nonscientific canvassing." About 1,200 participants were asked: "As automobiles, medical devices, smart TVs, manufacturing equipment and other tools and infrastructure are networked, is it likely that attacks, hacks or ransomware concerns in the next decade will cause significant numbers of people to decide to disconnect, or will the trend toward greater connectivity of objects and people continue unabated?" The answers they gave were telling: 15 percent said significant numbers of people would disconnect while 85 percent said most people would just move more deeply into connected life. Unplugging is futile, and plugging in is unavoidable. It's already difficult to create distance from the technology that surrounds us, but as connectivity increases, it might become impossible to do so.
