SecureMac, Inc.

New Malvertising Campaign Targets iOS Users with Data-Hoarding VPN

April 17, 2017

With the huge volume of ads displayed on sites across the Web today, it’s no surprise that bad actors view them as a window to reach vulnerable users. A new malvertising threat has appeared for iOS users. This time, it’s not about infecting your iOS devices directly — instead, it’s designed to coerce users into installing software that monitors and tracks their online activities. It does this by masquerading …

New Malvertising Campaign Targets iOS Users with Data-Hoarding VPN

With the huge volume of ads displayed on sites across the Web today, it’s no surprise that bad actors view them as a window to reach vulnerable users. A new malvertising threat has appeared for iOS users. This time, it’s not about infecting your iOS devices directly — instead, it’s designed to coerce users into installing software that monitors and tracks their online activities. It does this by masquerading as a VPN, or virtual private network. VPNs are often useful for providing yourself with greater privacy protections while browsing online by concealing your real IP address. What happens with this particular malvertising attack, and how can users avoid it?

You may find the malicious ads appearing on popular torrent websites. After a user clicks on one of these ads, it sends them to a website that creates notifications claiming a Trojan horse infection has occurred. Worse still, the site plays a continuous, high-pitched beeping tone to encourage users to act quickly. The site claims that the user’s Safari browser has suffered a severe infection and offers an app to download as a remedy. This app, called My Mobile Secure, is a VPN in name only. Users are lead to believe they must use this app to avoid further infections.

So, what does My Mobile Secure actually do as an app? It is a front for a marketing company called MobileXpression, whose business model centers around analyzing user activity across the web. In other words, once a user creates an account in the app, MobileXpression gains access to all their Safari activity and browsing habits, as well as device information and other activity. The MobileXpression site even goes into depth to tell you that they are collecting all your activity information, so there is no illusion of privacy.  Unfortunately this is contained in the “fine print” which most users skip or don’t read.

The good news is that it’s easy to avoid this problem if you do not click on suspicious ads. Installing an ad blocker is not a bad idea in an age where more malicious advertisers hit the web every day. It’s also important to note that My Mobile Secure is not indicative of how VPNs should really work. Trustworthy VPNs only provide a secure tunnel to the Internet for you; they do not collect data on what you do with the VPN connection. If you decide to look for a VPN to help protect from threats and privacy invasions, always look for a reputable, well-known provider.

Join our mailing list for the latest security news and deals