A malvertising campaign is targeting iOS devices with a VPN that doesn't hide the fact it collects large quantities of users' information.
The operation displays rogue ads on popular Torrent websites.
If a user clicks on one of the rogue ads, the malvertising chain redirects them to a fake website that claims their device has suffered a virus infection. It also employs the aggressive tactic of playing a high-pitch beeping. To help address the "issues," the site provides a link to a program called "My Mobile Secure."
"We have detected that your Mobile Safari is (45.4%) DAMAGED by BROWSER TROJAN VIRUSES picked up while surfing recent corrupted sites.
"Immediate action is required to prevent it from spreading and infecting sensitive data like your Facebook account, Whatsapp messages photos private applications [sic]"
Funny... the supposed "fix" advertised by the site is is a lot worse than that!
When someone clicks "Remove Virus," their device presents an installation prompt for a VPN called "My Mobile Secure." But I use the term "VPN" loosely. The main reason? My Mobile Secure is linked by users' emails to MobileXpression, a market firm which seeks to study web behavior by collecting users' information. A LOT of it.
Malwarebytes' lead malware intelligence analyst sums up this program in a blog post:
"In this particular case, one cannot help but feel that this VPN application comes with some serious baggage and unfortunately the average user will not take the time to review the fine details. If the intent is to use a VPN to anonymize your online activities, this does almost the opposite."
It's reasonable to expect nothing more from a malvertising campaign. With that said, users should take great care to not click on suspicious ads and should consider installing an ad-blocker in their web browsers. They should also consider downloading a VPN, but they should make sure to research VPN providers and their privacy policies carefully before they choose a solution.
For more information regarding what advantages a legitimate VPN provides, click here.