Ask HN: iOS App Installed by Malware?
Ok, this was weird. Wife got email about her Apple ID password being reset at 18:07 (when she was in a store, phoning me).
At 21:29 she she got an email about a new subscription in an app she hadn’t heard of. We were watching TV at the time; she definitely didn't order the subscription since she hadn't even heard of the app.
We checked, and was installed today on her phone (she didn’t do it).
We immediately cancelled the subscription, reset her Apple ID password and installed the iOS 14.4 update (she was on 14.3).
This shouldn’t be possible, so how did it happen? Some fraud scheme using iOS bugs to force-install apps and start subscriptions? Is that even something that happens? Has anyone else seen something like this?
8 comments
[ 2.8 ms ] story [ 22.3 ms ] threadhttps://apps.apple.com/us/app/drum-pad-machine-beat-maker/id...
The attacker logged into the account on a real device and installed the app, probably by accident. Chances are, the compromised account was sold and someone bought it to be able to "buy" paid apps for free.
The app was only installed on her iPhone, not her iPad. The App store list says she bought it ”today”, but no time is provided.
Two factor auth is enabled.
The notification emails from Apple don’t include the IP address of the device causing the event, it seems, so no way to know if it was ”us”.
I suggest you use Apple’s “download your data” tool and request an archive. If anything, that’ll contain extra details about that other rogue device and whatever the attacker did. It will also contain IP addresses.
It's all fine to me, I'm just trying to help here :)
Someone guessed her password.
She should change it again.
Call Apple Support.