HACKER Q&A
📣 m_eiman

iOS App Installed by Malware?


Ok, this was weird. Wife got email about her Apple ID password being reset at 18:07 (when she was in a store, phoning me).

At 21:29 she got an email about a new subscription in an app she hadn’t heard of. We were watching TV at the time; she definitely didn't order the subscription since she hadn't even heard of the app.

We checked, and it was installed today on her phone (she didn’t do it).

We immediately cancelled the subscription, reset her Apple ID password and installed the iOS 14.4 update (she was on 14.3).

This shouldn’t be possible, so how did it happen? Some fraud scheme using iOS bugs to force-install apps and start subscriptions? Is that even something that happens? Has anyone else seen something like this?


👤 Nextgrid Accepted Answer ✓
There are options in iOS to automatically download content that's been downloaded on other devices. One option is for media (music & video) and the other is for apps.

The attacker logged into the account on a real device and installed the app, probably by accident. Chances are, the compromised account was sold and someone bought it to be able to "buy" paid apps for free.


👤 m_eiman
The app that was installed was "Drum Pad Machine - Beat Maker", which seems to be a "real" app, although using the scummy "ten dollar per week subscription" model.

https://apps.apple.com/us/app/drum-pad-machine-beat-maker/id...


👤 bartvk
Did she have a weak or reused password, combined with lack of 2FA? Run her email through haveibeenpwned.

👤 kleer001
> This shouldn’t be possible, so how did it happen?

Someone guessed her password.

She should change it again.

Call Apple Support.